
MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124


This topic is locked
16 replies to this topic

#1 iseeker (Members, 8 posts)

Posted 29 December 2012 - 08:02 PM

Noticed this morning that Microsoft Security Essentials real-time protection was turned off and that I could not get it to turn back on. Also could not get Windows Update to run. Went to Services and tried disabling and then enabling Windows Installer. Also tried uninstalling and reinstalling MSE, but still the same problem.

Next ran MBAM full scan and found the first Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader. Clicked remove selected and let it reboot. MBAM log created below. Ran MBAM (quick scan this time) again and found Trojan.Lameshield.124. About to hit "remove selected" and reboot. Will post log after reboot.

I have backup drives that I use (2.5" USB drives). Should I scan those as well (at the same time)? Thank you for any help!!!

MBAM log attached. Ran DDS but didn't see any option to save the log. Will figure that out and post after reboot. EDIT: rebooted, and reran DDS. The program ran, but then shut down without allowing me to save a log. Any ideas to get more information about my issue?

I run Windows Vista 32-bit. Dell Inspiron E1505 (5 years old). I run MSE and Windows Firewall (firewall still active as far as I can tell). Removed other malware before reinstalling MSE and followed procedures in Microsoft articles about reinstalling MSE.

Attached file: mbam-log-2012-12-29 (15-25-09).txt (5.9 KB)
Attached file: mbam-log-2012-12-29 (18-25-47).txt (2.05 KB)

Edited by iseeker, 29 December 2012 - 08:29 PM.



#2 Conspire (Malware Response Team, 1,155 posts)

Posted 30 December 2012 - 10:21 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you do not, we will have your thread closed in THREE (3) days. :)


Hello there, iseeker


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire (Malware Response Team, 1,155 posts)

Posted 30 December 2012 - 10:22 AM

Hello there,

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.
===================================================

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the system drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
DDS log
aswMBR log
TDSSKiller log

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#4 iseeker (Topic Starter, Members, 8 posts)

Posted 30 December 2012 - 12:08 PM

Hello! And thank you. Here is what I've done:

1) DDS -- I am only running MSE. It still says real-time protection is off even though in the settings the radio button is checked that says it enables real-time protection. To be safe I unchecked that button and then ran DDS (should note that even with the button unchecked, a box still popped up when I downloaded asking if I wanted to download it and it still said it ran a security scan on it). Tried downloading DDS from both sites and running. Both times the program opened and looked to be working but each time it shut down and never produced the logs. Is there another program that can get you the same info?
2) aswMBR.exe -- installed, but it says scan error. The log is posted below.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-30 10:52:35
-----------------------------
10:52:35.188 OS Version: Windows 6.0.6002 Service Pack 2
10:52:35.188 Number of processors: 2 586 0xF06
10:52:35.188 ComputerName: DALELAPTOP UserName:
10:52:53.472 Initialze error C0000001 - driver not loaded
10:53:51.244 AVAST engine defs: 12123000
10:54:57.591 Scan error: Incorrect function.
10:56:13.828 The log file has been saved successfully to "C:\Users\Dale&Alison\Desktop\Malware Logs\aswMBR.txt"


3) TDSSKiller.exe - while installing it said "can't load driver" but it still installed and I scanned. It found one item ("rootkit.Win32.Necurs.gen"). I skipped. Log is posted below:

11:00:38.0536 4272 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:00:39.0238 4272 ============================================================
11:00:39.0238 4272 Current date / time: 2012/12/30 11:00:39.0238
11:00:39.0238 4272 SystemInfo:
11:00:39.0238 4272
11:00:39.0238 4272 OS Version: 6.0.6002 ServicePack: 2.0
11:00:39.0238 4272 Product type: Workstation
11:00:39.0238 4272 ComputerName: DALELAPTOP
11:00:39.0238 4272 UserName: Dale&Alison
11:00:39.0238 4272 Windows directory: C:\Windows
11:00:39.0238 4272 System windows directory: C:\Windows
11:00:39.0238 4272 Processor architecture: Intel x86
11:00:39.0238 4272 Number of processors: 2
11:00:39.0238 4272 Page size: 0x1000
11:00:39.0238 4272 Boot type: Normal boot
11:00:39.0238 4272 ============================================================
11:00:46.0133 4272 !crdlk
11:00:46.0164 4272 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
11:00:46.0180 4272 Drive \Device\Harddisk1\DR1 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:00:46.0211 4272 ============================================================
11:00:46.0211 4272 \Device\Harddisk0\DR0:
11:00:46.0211 4272 MBR partitions:
11:00:46.0211 4272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
11:00:46.0211 4272 \Device\Harddisk1\DR1:
11:00:46.0211 4272 MBR partitions:
11:00:46.0211 4272 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0xB635800
11:00:46.0242 4272 ============================================================
11:00:46.0289 4272 C: <-> \Device\Harddisk0\DR0\Partition1
11:00:46.0320 4272 ============================================================
11:00:46.0320 4272 Initialize success
11:00:46.0320 4272 ============================================================
11:00:49.0518 4092 ============================================================
11:00:49.0518 4092 Scan started
11:00:49.0518 4092 Mode: Manual;
11:00:49.0518 4092 ============================================================
11:00:50.0048 4092 ================ Scan system memory ========================
11:00:50.0048 4092 System memory - ok
11:00:50.0048 4092 ================ Scan services =============================
11:00:50.0236 4092 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
11:00:50.0236 4092 ACPI - ok
11:00:50.0314 4092 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:00:50.0314 4092 AdobeFlashPlayerUpdateSvc - ok
11:00:50.0360 4092 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:00:50.0376 4092 adp94xx - ok
11:00:50.0423 4092 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:00:50.0423 4092 adpahci - ok
11:00:50.0454 4092 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
11:00:50.0454 4092 adpu160m - ok
11:00:50.0485 4092 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:00:50.0485 4092 adpu320 - ok
11:00:50.0532 4092 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:00:50.0548 4092 AeLookupSvc - ok
11:00:50.0579 4092 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
11:00:50.0594 4092 AFD - ok
11:00:50.0626 4092 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:00:50.0641 4092 agp440 - ok
11:00:50.0657 4092 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
11:00:50.0672 4092 aic78xx - ok
11:00:50.0719 4092 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
11:00:50.0719 4092 ALG - ok
11:00:50.0750 4092 [ 3A99CB23A2D326FD532618705D6E3048 ] aliide C:\Windows\system32\drivers\aliide.sys
11:00:50.0750 4092 aliide - ok
11:00:50.0797 4092 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
11:00:50.0797 4092 amdagp - ok
________________________________________________________________________________________________________________

Side note -- before finding this site I did run mbam and logs are attached in first post (I note this only b/c your instructions say don't attempt any fixes). Just fyi.

Question - do you want me to post logs or attach logs?

Edited by iseeker, 30 December 2012 - 12:29 PM.
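The two logs in the post above are the kind of thing a helper reads line by line: the aswMBR run reports "driver not loaded" and "Scan error", TDSSKiller said it could not load its driver either, and the rest is a service/driver inventory with an MD5 per object. The following script is an added example, not code from the thread, from Avast (aswMBR) or from Kaspersky (TDSSKiller). It parses the line formats shown in the logs above, pulls out the tool-level failures (two independent anti-rootkit tools failing to load a kernel driver on the same machine is itself a finding worth recording), and turns the inventory into something checkable: objects whose binary is outside the Windows directory, objects whose status is not "ok", and an MD5-to-path map for hash lookups. The `ExampleSvc` entry with the all-zero hash and a user-profile path is constructed to exercise the path check; TDSSKiller did not report such an entry on the poster's machine.

```python
"""Triage helper for aswMBR / TDSSKiller output.

Added example for this thread; it is not code from the thread, from
Avast (aswMBR) or from Kaspersky (TDSSKiller). The line formats are
taken from the logs posted above. ExampleSvc (zero hash, user-profile
path) is constructed to exercise the path check and is NOT from the log.
"""
import re
from typing import Dict, List, Optional

# Lines copied from the aswMBR log posted above.
ASWMBR_LOG = r"""
10:52:35.188 OS Version: Windows 6.0.6002 Service Pack 2
10:52:53.472 Initialze error C0000001 - driver not loaded
10:53:51.244 AVAST engine defs: 12123000
10:54:57.591 Scan error: Incorrect function.
"""

# Lines copied from the TDSSKiller log posted above, plus one constructed
# entry (ExampleSvc) that TDSSKiller did not report on the poster's machine.
TDSSKILLER_LOG = r"""
11:00:50.0236 4092 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
11:00:50.0236 4092 ACPI - ok
11:00:50.0314 4092 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:00:50.0314 4092 AdobeFlashPlayerUpdateSvc - ok
11:00:50.0579 4092 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
11:00:50.0594 4092 AFD - ok
11:00:50.0600 4092 [ 00000000000000000000000000000000 ] ExampleSvc C:\Users\someone\AppData\Local\Example\example.exe
11:00:50.0600 4092 ExampleSvc - ok
"""

# Tool-level failures: the scanner could not load its driver or could not scan.
ERROR_RE = re.compile(r"error|not loaded|can't load", re.IGNORECASE)

# TDSSKiller writes two lines per object: "[ MD5 ] Name Path", then "Name - status".
ENTRY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<pid>\d+) \[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$"
)
STATUS_RE = re.compile(r"^(?P<ts>\S+) (?P<pid>\d+) (?P<name>\S+) - (?P<status>\S+)$")


def tool_errors(text: str) -> List[str]:
    """Lines showing the scanner itself failed (driver not loaded, scan error)."""
    return [line.strip() for line in text.splitlines() if ERROR_RE.search(line)]


def parse_tdsskiller(text: str) -> List[Dict[str, Optional[str]]]:
    """Join each object's hash/path line with its status line, matched by name."""
    records: List[Dict[str, Optional[str]]] = []
    by_name: Dict[str, Dict[str, Optional[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            rec: Dict[str, Optional[str]] = {
                "name": m["name"], "md5": m["md5"].upper(),
                "path": m["path"].strip(), "status": None,
            }
            records.append(rec)
            by_name[m["name"]] = rec
            continue
        m = STATUS_RE.match(line)
        if m and m["name"] in by_name:
            by_name[m["name"]]["status"] = m["status"]
    return records


def flag_paths(records, system_root: str = r"C:\Windows"):
    """Services/drivers whose binary lives outside the Windows directory."""
    root = system_root.lower().rstrip("\\") + "\\"
    return [r for r in records if not r["path"].lower().startswith(root)]


def needs_attention(records):
    """Objects whose status line is missing or is anything other than 'ok'."""
    return [r for r in records if r["status"] != "ok"]


def hash_inventory(records) -> Dict[str, str]:
    """MD5 -> path map, for checking hashes against known-good or known-bad sets."""
    return {r["md5"]: r["path"] for r in records}


if __name__ == "__main__":
    for err in tool_errors(ASWMBR_LOG):
        print("aswMBR:", err)
    recs = parse_tdsskiller(TDSSKILLER_LOG)
    for r in flag_paths(recs):
        print("outside %SystemRoot%:", r["name"], r["path"], r["md5"])
    for r in needs_attention(recs):
        print("non-ok status:", r["name"], r["status"])
    print(len(hash_inventory(recs)), "hashes collected")
```

The path check is deliberately crude (prefix match on the Windows directory); its job is to shrink a 200-line inventory to the handful of entries a human should actually read, and the MD5 map is what you would feed to a hash lookup once the machine is back online.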


#5 Conspire (Malware Response Team, 1,155 posts)

Posted 30 December 2012 - 10:40 PM

The instruction refers to the situation where you have a helper who is helping you, because any attempt at self-fixes while receiving help will confuse both sides and drag out the time.

It would be great to post the logs instead of attaching them unless specifically requested. It will make my research and review a whole lot easier. ;)

Try running this alternative tool for DDS.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
===================================================

On your next reply please post :
OTL log
Extra log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#6 iseeker (Topic Starter, Members, 8 posts)

Posted 31 December 2012 - 12:10 AM

Great. Here are the logs:

OTL.txt
OTL logfile created on: 12/30/2012 10:49:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dale&Alison\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.53% Memory free
4.24 Gb Paging File | 2.84 Gb Available in Paging File | 66.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 133.52 Gb Free Space | 44.79% Space Free | Partition Type: NTFS

Computer Name: DALELAPTOP | User Name: Dale&Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dale&Alison\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Users\Dale&Alison\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files\Western Digital\WD SmartWare\WDLockedFiles.exe (Western Digital )
PRC - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
PRC - C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
PRC - C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Users\Dale&Alison\AppData\Local\CrossLoop\CrossLoopService.exe (CrossLoop Inc)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WDDriveService) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FingerPrint) -- C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CrossLoopService) -- C:\Users\Dale&Alison\AppData\Local\CrossLoop\CrossLoopService.exe (CrossLoop Inc)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (uvnc_service) -- C:\Users\Dale&Alison\AppData\Local\CrossLoop\winvnc.exe (UltraVNC)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (BCM42RLY) -- system32\drivers\BCM42RLY.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\DRIVERS\NisDrvWFP.sys ()
DRV - (volsnap) -- C:\Windows\System32\drivers\volsnap.sys ()
DRV - (Wdf01000) -- C:\Windows\System32\drivers\Wdf01000.sys ()
DRV - (WudfPf) -- C:\Windows\System32\drivers\WudfPf.sys ()
DRV - (WUDFRd) -- C:\Windows\System32\DRIVERS\WUDFRd.sys ()
DRV - (KSecDD) -- C:\Windows\System32\Drivers\ksecdd.sys ()
DRV - (RDPWD) -- C:\Windows\System32\drivers\rdpwd.sys ()
DRV - (Tcpip6) -- C:\Windows\System32\DRIVERS\tcpip.sys ()
DRV - (Tcpip) -- C:\Windows\System32\drivers\tcpip.sys ()
DRV - (tcpipreg) -- C:\Windows\System32\drivers\tcpipreg.sys ()
DRV - (partmgr) -- C:\Windows\System32\drivers\partmgr.sys ()
DRV - (Fs_Rec) -- C:\Windows\System32\drivers\fs_rec.sys ()
DRV - (WDC_SAM) -- C:\Windows\System32\DRIVERS\wdcsam.sys ()
DRV - (dc3d) -- C:\Windows\System32\DRIVERS\dc3d.sys ()
DRV - (Point32) -- C:\Windows\System32\DRIVERS\point32.sys ()
DRV - (mrxsmb10) -- C:\Windows\System32\DRIVERS\mrxsmb10.sys ()
DRV - (srv2) -- C:\Windows\System32\DRIVERS\srv2.sys ()
DRV - (srvnet) -- C:\Windows\System32\DRIVERS\srvnet.sys ()
DRV - (mrxsmb20) -- C:\Windows\System32\DRIVERS\mrxsmb20.sys ()
DRV - (mrxsmb) -- C:\Windows\System32\DRIVERS\mrxsmb.sys ()
DRV - (DfsC) -- C:\Windows\System32\Drivers\dfsc.sys ()
DRV - (srv) -- C:\Windows\System32\DRIVERS\srv.sys ()
DRV - (DXGKrnl) -- C:\Windows\System32\drivers\dxgkrnl.sys ()
DRV - (HTTP) -- C:\Windows\System32\drivers\HTTP.sys ()
DRV - (tunnel) -- C:\Windows\System32\DRIVERS\tunnel.sys ()
DRV - (WpdUsb) -- C:\Windows\System32\DRIVERS\wpdusb.sys ()
DRV - (MSHUSBVideo) -- C:\Windows\System32\Drivers\nx6000.sys ()
DRV - (volmgrx) -- C:\Windows\System32\drivers\volmgrx.sys ()
DRV - (pci) -- C:\Windows\System32\drivers\pci.sys ()
DRV - (TermDD) -- C:\Windows\System32\DRIVERS\termdd.sys ()
DRV - (Ntfs) -- C:\Windows\System32\drivers\ntfs.sys ()
DRV - (NDIS) -- C:\Windows\System32\drivers\ndis.sys ()
DRV - (CLFS) -- C:\Windows\System32\CLFS.sys ()
DRV - (FltMgr) -- C:\Windows\System32\drivers\fltmgr.sys ()
DRV - (iScsiPrt) -- C:\Windows\System32\DRIVERS\msiscsi.sys ()
DRV - (MsRPC) -- C:\Windows\System32\drivers\msrpc.sys ()
DRV - (Ecache) -- C:\Windows\System32\drivers\ecache.sys ()
DRV - (disk) -- C:\Windows\System32\drivers\disk.sys ()
DRV - (Mup) -- C:\Windows\System32\Drivers\mup.sys ()
DRV - (RasSstp) -- C:\Windows\System32\DRIVERS\rassstp.sys ()
DRV - (NdisWan) -- C:\Windows\System32\DRIVERS\ndiswan.sys ()
DRV - (RasPppoe) -- C:\Windows\System32\DRIVERS\raspppoe.sys ()
DRV - (tdx) -- C:\Windows\System32\DRIVERS\tdx.sys ()
DRV - (PSched) -- C:\Windows\System32\DRIVERS\pacer.sys ()
DRV - (netbt) -- C:\Windows\System32\DRIVERS\netbt.sys ()
DRV - (Smb) -- C:\Windows\System32\DRIVERS\smb.sys ()
DRV - (NativeWifiP) -- C:\Windows\System32\DRIVERS\nwifi.sys ()
DRV - (usbhub) -- C:\Windows\System32\DRIVERS\usbhub.sys ()
DRV - (RFCOMM) -- C:\Windows\System32\DRIVERS\rfcomm.sys ()
DRV - (HidBth) -- C:\Windows\System32\DRIVERS\hidbth.sys ()
DRV - (ohci1394) -- C:\Windows\System32\DRIVERS\ohci1394.sys ()
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\HdAudio.sys ()
DRV - (USBSTOR) -- C:\Windows\System32\DRIVERS\USBSTOR.SYS ()
DRV - (usbaudio) -- C:\Windows\System32\drivers\usbaudio.sys ()
DRV - (usbehci) -- C:\Windows\System32\DRIVERS\usbehci.sys ()
DRV - (HidUsb) -- C:\Windows\System32\DRIVERS\hidusb.sys ()
DRV - (cdrom) -- C:\Windows\System32\DRIVERS\cdrom.sys ()
DRV - (sffp_sd) -- C:\Windows\System32\DRIVERS\sffp_sd.sys ()
DRV - (kbdhid) -- C:\Windows\System32\DRIVERS\kbdhid.sys ()
DRV - (sdbus) -- C:\Windows\System32\DRIVERS\sdbus.sys ()
DRV - (MRxDAV) -- C:\Windows\System32\drivers\mrxdav.sys ()
DRV - (rdbss) -- C:\Windows\System32\DRIVERS\rdbss.sys ()
DRV - (Npfs) -- C:\Windows\System32\drivers\npfs.sys ()
DRV - (udfs) -- C:\Windows\System32\DRIVERS\udfs.sys ()
DRV - (exfat) -- C:\Windows\System32\drivers\exfat.sys ()
DRV - (fastfat) -- C:\Windows\System32\drivers\fastfat.sys ()
DRV - (FileInfo) -- C:\Windows\System32\drivers\fileinfo.sys ()
DRV - (MountMgr) -- C:\Windows\System32\drivers\mountmgr.sys ()
DRV - (volmgr) -- C:\Windows\System32\drivers\volmgr.sys ()
DRV - (kbdclass) -- C:\Windows\System32\DRIVERS\kbdclass.sys ()
DRV - (mouclass) -- C:\Windows\System32\DRIVERS\mouclass.sys ()
DRV - (mssmbios) -- C:\Windows\System32\DRIVERS\mssmbios.sys ()
DRV - (spldr) -- C:\Windows\System32\drivers\spldr.sys ()
DRV - (Compbatt) -- C:\Windows\System32\DRIVERS\compbatt.sys ()
DRV - (intelide) -- C:\Windows\System32\drivers\intelide.sys ()
DRV - (msisadrv) -- C:\Windows\System32\drivers\msisadrv.sys ()
DRV - (swenum) -- C:\Windows\System32\DRIVERS\swenum.sys ()
DRV - (StillCam) -- C:\Windows\System32\DRIVERS\serscan.sys ()
DRV - (tssecsrv) -- C:\Windows\System32\DRIVERS\tssecsrv.sys ()
DRV - (RDPENCDD) -- C:\Windows\System32\drivers\rdpencdd.sys ()
DRV - (TDTCP) -- C:\Windows\System32\drivers\tdtcp.sys ()
DRV - (RDPCDD) -- C:\Windows\System32\DRIVERS\RDPCDD.sys ()
DRV - (TDPIPE) -- C:\Windows\System32\drivers\tdpipe.sys ()
DRV - (Modem) -- C:\Windows\System32\drivers\modem.sys ()
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys ()
DRV - (Rasl2tp) -- C:\Windows\System32\DRIVERS\rasl2tp.sys ()
DRV - (PptpMiniport) -- C:\Windows\System32\DRIVERS\raspptp.sys ()
DRV - (Wanarpv6) -- C:\Windows\System32\DRIVERS\wanarp.sys ()
DRV - (Wanarp) -- C:\Windows\System32\DRIVERS\wanarp.sys ()
DRV - (RasAcd) -- C:\Windows\System32\DRIVERS\rasacd.sys ()
DRV - (IPNAT) -- C:\Windows\System32\DRIVERS\ipnat.sys ()
DRV - (NDProxy) -- C:\Windows\System32\drivers\ndproxy.sys ()
DRV - (NdisTapi) -- C:\Windows\System32\DRIVERS\ndistapi.sys ()
DRV - (IpFilterDriver) -- C:\Windows\System32\DRIVERS\ipfltdrv.sys ()
DRV - (QWAVEdrv) -- C:\Windows\System32\drivers\qwavedrv.sys ()
DRV - (nsiproxy) -- C:\Windows\System32\drivers\nsiproxy.sys ()
DRV - (NetBIOS) -- C:\Windows\System32\DRIVERS\netbios.sys ()
DRV - (tunmp) -- C:\Windows\System32\DRIVERS\tunmp.sys ()
DRV - (Ndisuio) -- C:\Windows\System32\DRIVERS\ndisuio.sys ()
DRV - (IRENUM) -- C:\Windows\System32\drivers\irenum.sys ()
DRV - (rspndr) -- C:\Windows\System32\DRIVERS\rspndr.sys ()
DRV - (lltdio) -- C:\Windows\System32\DRIVERS\lltdio.sys ()
DRV - (mpsdrv) -- C:\Windows\System32\drivers\mpsdrv.sys ()
DRV - (umbus) -- C:\Windows\System32\DRIVERS\umbus.sys ()
DRV - (usbvideo) -- C:\Windows\System32\Drivers\usbvideo.sys ()
DRV - (usbccgp) -- C:\Windows\System32\DRIVERS\usbccgp.sys ()
DRV - (usbuhci) -- C:\Windows\System32\DRIVERS\usbuhci.sys ()
DRV - (drmkaud) -- C:\Windows\System32\drivers\drmkaud.sys ()
DRV - (monitor) -- C:\Windows\System32\DRIVERS\monitor.sys ()
DRV - (VgaSave) -- C:\Windows\System32\drivers\vga.sys ()
DRV - (sffdisk) -- C:\Windows\System32\DRIVERS\sffdisk.sys ()
DRV - (MSKSSRV) -- C:\Windows\System32\drivers\MSKSSRV.sys ()
DRV - (MSTEE) -- C:\Windows\System32\drivers\MSTEE.sys ()
DRV - (i8042prt) -- C:\Windows\System32\DRIVERS\i8042prt.sys ()
DRV - (MSPCLOCK) -- C:\Windows\System32\drivers\MSPCLOCK.sys ()
DRV - (MSPQM) -- C:\Windows\System32\drivers\MSPQM.sys ()
DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys ()
DRV - (mouhid) -- C:\Windows\System32\DRIVERS\mouhid.sys ()
DRV - (Null) -- C:\Windows\System32\drivers\null.sys ()
DRV - (CmBatt) -- C:\Windows\System32\DRIVERS\CmBatt.sys ()
DRV - (WmiAcpi) -- C:\Windows\System32\DRIVERS\wmiacpi.sys ()
DRV - (luafv) -- C:\Windows\System32\drivers\luafv.sys ()
DRV - (Filetrace) -- C:\Windows\System32\drivers\filetrace.sys ()
DRV - (Msfs) -- C:\Windows\System32\drivers\msfs.sys ()
DRV - (cdfs) -- C:\Windows\System32\drivers\cdfs.sys ()
DRV - (intelppm) -- C:\Windows\System32\DRIVERS\intelppm.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys ()
DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys ()
DRV - (pciide) -- C:\Windows\System32\drivers\pciide.sys ()
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\DRIVERS\rimmptsk.sys ()
DRV - (rimsptsk) -- C:\Windows\System32\DRIVERS\rimsptsk.sys ()
DRV - (rismxdp) -- C:\Windows\System32\DRIVERS\rixdptsk.sys ()
DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys ()
DRV - (nv_agp) -- C:\Windows\System32\drivers\nv_agp.sys ()
DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys ()
DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys ()
DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys ()
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys ()
DRV - (gagp30kx) -- C:\Windows\System32\drivers\gagp30kx.sys ()
DRV - (uliagpkx) -- C:\Windows\System32\drivers\uliagpkx.sys ()
DRV - (uagp35) -- C:\Windows\System32\drivers\uagp35.sys ()
DRV - (viaagp) -- C:\Windows\System32\drivers\viaagp.sys ()
DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys ()
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys ()
DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys ()
DRV - (usbprint) -- C:\Windows\System32\drivers\usbprint.sys ()
DRV - (PEAUTH) -- C:\Windows\System32\drivers\peauth.sys ()
DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys ()
DRV - (usbcir) -- C:\Windows\System32\drivers\usbcir.sys ()
DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys ()
DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys ()
DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys ()
DRV - (vga) -- C:\Windows\System32\DRIVERS\vgapnp.sys ()
DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys ()
DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys ()
DRV - (sffp_mmc) -- C:\Windows\System32\drivers\sffp_mmc.sys ()
DRV - (fdc) -- C:\Windows\System32\DRIVERS\fdc.sys ()
DRV - (flpydisk) -- C:\Windows\System32\DRIVERS\flpydisk.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys ()
DRV - (Parport) -- C:\Windows\System32\drivers\parport.sys ()
DRV - (Serenum) -- C:\Windows\System32\drivers\serenum.sys ()
DRV - (Parvdm) -- C:\Windows\System32\drivers\parvdm.sys ()
DRV - (IPMIDRV) -- C:\Windows\System32\drivers\ipmidrv.sys ()
DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys ()
DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys ()
DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 20 60 C3 6E 9B CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {EEEC374E-977B-4E91-8706-E742485387FC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EEEC374E-977B-4E91-8706-E742485387FC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.0.39\coFFFw\


O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dale&Alison\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Users\Dale&Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Dale&Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My Program.lnk = C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: LastPass - file://C:\Users\Dale&Alison\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Dale&Alison\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC54D56A-CA8E-4155-A969-DA5AA696C4E3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF379C48-D678-4F8B-B6B7-4CDBDCC660E1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dale&Alison\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dale&Alison\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c94b6467-0760-11df-8018-0019b96f98f1}\Shell - "" = AutoRun
O33 - MountPoints2\{c94b6467-0760-11df-8018-0019b96f98f1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/12/30 22:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2012/12/30 22:39:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dale&Alison\Desktop\OTL.exe
[2012/12/29 18:08:13 | 000,000,000 | ---D | C] -- C:\Users\Dale&Alison\Desktop\Malware Logs
[2012/12/29 18:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2012/12/29 18:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2012/12/29 17:53:36 | 000,000,000 | ---D | C] -- C:\Users\Dale&Alison\AppData\Local\Innovative Solutions
[2012/12/29 17:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2012/12/29 17:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2012/12/29 17:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2012/12/29 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\SIW 2011 Home Edition
[2012/12/29 17:34:25 | 000,000,000 | ---D | C] -- C:\Users\Dale&Alison\AppData\Local\Akamai
[2012/12/29 15:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/29 15:12:45 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/12/29 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/29 14:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/12/29 10:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/29 10:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/29 10:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/29 10:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/29 09:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/12/29 09:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/12/29 08:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/12/20 22:51:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/15 11:44:38 | 000,000,000 | ---D | C] -- C:\Users\Dale&Alison\AppData\Roaming\Soluto
[2012/12/15 11:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2012/12/13 17:58:12 | 000,000,000 | ---D | C] -- C:\Users\Dale&Alison\AppData\Roaming\Malwarebytes
[2012/12/13 17:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/11 20:18:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/11 20:18:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/11 20:18:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/11 20:18:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/11 20:18:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/11 20:18:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/11 20:18:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/11 20:18:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/11 20:14:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/12/11 20:13:57 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2012/12/11 20:13:56 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/12/11 20:13:53 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/12/11 20:13:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/12/11 19:03:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/11 19:03:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2012/12/11 19:02:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/12/09 10:01:55 | 000,022,912 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/12/09 08:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/12/09 08:59:00 | 000,000,000 | ---D | C] -- C:\Users\Dale&Alison\AppData\Roaming\IObit
[2012/12/09 08:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/12/05 22:27:07 | 000,000,000 | ---D | C] -- C:\Users\Dale&Alison\AppData\Roaming\Catalina Marketing Corp
[2012/12/05 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\Dale&Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2012/12/04 08:09:21 | 000,000,000 | ---D | C] -- C:\Users\Dale&Alison\AppData\Roaming\Amazon
[2012/12/04 08:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/12/04 08:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011/09/27 19:32:57 | 006,221,896 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/30 22:41:48 | 000,643,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/30 22:41:48 | 000,119,890 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/30 22:39:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dale&Alison\Desktop\OTL.exe
[2012/12/30 22:37:28 | 000,027,905 | ---- | M] () -- C:\Users\Dale&Alison\AppData\Roaming\nvModes.001
[2012/12/30 22:37:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/30 22:34:15 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 22:34:15 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 22:34:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/30 22:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/30 22:33:54 | 2145,849,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/30 12:32:02 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/12/30 12:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/30 12:10:30 | 000,002,651 | ---- | M] () -- C:\Users\Dale&Alison\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/12/30 11:50:41 | 000,002,609 | ---- | M] () -- C:\Users\Dale&Alison\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/12/29 17:43:42 | 000,000,864 | ---- | M] () -- C:\Users\Dale&Alison\Desktop\SIW.lnk
[2012/12/29 17:30:12 | 000,023,159 | ---- | M] () -- C:\Users\Dale&Alison\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/12/29 14:31:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/12/29 13:29:39 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/12/29 11:20:09 | 000,027,905 | ---- | M] () -- C:\Users\Dale&Alison\AppData\Roaming\nvModes.dat
[2012/12/29 10:05:55 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/29 09:59:52 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/12/29 08:49:57 | 000,000,983 | ---- | M] () -- C:\Users\Dale&Alison\Desktop\Dropbox.lnk
[2012/12/28 20:48:41 | 000,062,080 | ---- | M] () -- C:\Windows\System32\drivers\d97dad1e33de778e.sys
[2012/12/20 22:57:19 | 000,380,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/16 07:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/16 04:50:29 | 000,293,376 | ---- | M] () -- C:\Windows\System32\atmfd.dll
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/12/13 09:58:26 | 000,051,144 | ---- | M] () -- C:\Windows\System32\drivers\Soluto.sys
[2012/12/12 10:12:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/12 10:12:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/09 10:21:43 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2012/12/04 08:09:09 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/29 17:43:42 | 000,000,864 | ---- | C] () -- C:\Users\Dale&Alison\Desktop\SIW.lnk
[2012/12/29 14:30:46 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/29 10:05:55 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/29 09:59:52 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/12/28 20:48:41 | 000,062,080 | ---- | C] () -- C:\Windows\System32\drivers\d97dad1e33de778e.sys
[2012/12/20 22:51:13 | 000,293,376 | ---- | C] () -- C:\Windows\System32\atmfd.dll
[2012/12/15 11:12:54 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/12/15 11:12:11 | 000,051,144 | ---- | C] () -- C:\Windows\System32\drivers\Soluto.sys
[2012/12/11 20:14:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/11 20:14:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/11 20:13:57 | 000,155,136 | ---- | C] () -- C:\Windows\System32\drivers\WUDFRd.sys
[2012/12/11 20:13:57 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\WUDFPf.sys
[2012/12/11 20:13:55 | 000,526,952 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys
[2012/12/11 20:13:55 | 000,047,720 | ---- | C] () -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/12/11 19:03:21 | 002,048,000 | ---- | C] () -- C:\Windows\System32\win32k.sys
[2012/12/11 19:03:14 | 000,224,640 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2012/12/11 06:44:05 | 2145,849,344 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/09 10:21:43 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2012/12/04 08:09:09 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/10/09 18:20:05 | 003,602,816 | ---- | C] () -- C:\Windows\System32\ntkrnlpa.exe
[2012/09/28 10:32:56 | 000,044,544 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys
[2012/08/30 22:03:50 | 000,099,272 | ---- | C] () -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2012/07/15 11:39:46 | 000,000,725 | ---- | C] () -- C:\Users\Dale&Alison\Evernote.lnk
[2012/07/11 07:05:31 | 000,440,704 | ---- | C] () -- C:\Windows\System32\drivers\ksecdd.sys
[2012/06/13 06:46:11 | 000,180,736 | ---- | C] () -- C:\Windows\System32\drivers\rdpwd.sys
[2012/05/10 17:18:41 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\partmgr.sys
[2012/05/10 17:18:40 | 000,914,304 | ---- | C] () -- C:\Windows\System32\drivers\tcpip.sys
[2012/05/10 17:18:39 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\tcpipreg.sys
[2012/04/18 09:05:32 | 000,015,720 | ---- | C] () -- C:\Windows\System32\drivers\grmnusb.sys
[2012/04/18 09:05:30 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\grmngen.sys
[2012/04/12 02:10:25 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\fs_rec.sys
[2012/02/25 08:24:40 | 000,000,590 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/16 13:18:56 | 000,011,520 | ---- | C] () -- C:\Windows\System32\drivers\wdcsam.sys
[2011/12/14 14:23:06 | 000,049,152 | ---- | C] () -- C:\Windows\System32\csrsrv.dll
[2011/08/10 16:39:48 | 000,045,288 | ---- | C] () -- C:\Windows\System32\drivers\dc3d.sys
[2011/08/10 14:05:02 | 000,214,016 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011/08/01 15:56:42 | 000,040,936 | ---- | C] () -- C:\Windows\System32\drivers\point32.sys
[2011/07/13 06:29:08 | 000,508,416 | ---- | C] () -- C:\Windows\System32\drivers\bthport.sys
[2011/07/13 06:29:08 | 000,030,208 | ---- | C] () -- C:\Windows\System32\drivers\BTHUSB.SYS
[2011/06/16 18:16:06 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/06/16 18:16:04 | 000,273,408 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/06/16 18:16:02 | 000,146,432 | ---- | C] () -- C:\Windows\System32\drivers\srv2.sys
[2011/06/16 18:16:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\drivers\srvnet.sys
[2011/06/16 18:15:43 | 000,106,496 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb.sys
[2011/06/16 18:15:43 | 000,079,872 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb20.sys
[2011/04/14 06:09:03 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\bowser.sys
[2011/04/14 06:08:57 | 000,305,152 | ---- | C] () -- C:\Windows\System32\drivers\srv.sys
[2011/03/14 17:04:01 | 000,023,159 | ---- | C] () -- C:\Users\Dale&Alison\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/03/10 18:26:25 | 000,213,187 | ---- | C] () -- C:\Users\Dale&Alison\AppData\Roaming\MMUpgrade.jpg
[2011/03/09 20:37:49 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2011/02/09 18:02:24 | 000,638,336 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys
[2011/02/09 18:02:20 | 000,037,376 | ---- | C] () -- C:\Windows\System32\cdd.dll
[2011/01/29 07:54:02 | 000,221,568 | ---- | C] () -- C:\Windows\System32\drivers\netio.sys
[2010/01/22 22:18:50 | 000,059,904 | ---- | C] () -- C:\Users\Dale&Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 21:39:02 | 000,027,905 | ---- | C] () -- C:\Users\Dale&Alison\AppData\Roaming\nvModes.001
[2010/01/22 21:12:57 | 000,027,905 | ---- | C] () -- C:\Users\Dale&Alison\AppData\Roaming\nvModes.dat
[2010/01/21 23:24:22 | 000,000,632 | RHS- | C] () -- C:\Users\Dale&Alison\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/12/09 10:30:54 | 000,000,000 | ---D | M] -- C:\Windows\assembly\NativeImages_v2.0.50727_32\EGaD.Desktop

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/01/22 01:10:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/01/22 01:10:19 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/01/22 01:10:18 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/01/22 01:48:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/01/22 01:48:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/01/22 01:10:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/01/19 01:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 03:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200BEKT-00F3T0 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 1048576
Hidden sectors: 0


< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-12-21 04:52:07

< End of report >


Extras.Txt


OTL Extras logfile created on: 12/30/2012 10:49:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dale&Alison\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.53% Memory free
4.24 Gb Paging File | 2.84 Gb Available in Paging File | 66.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 133.52 Gb Free Space | 44.79% Space Free | Partition Type: NTFS

Computer Name: DALELAPTOP | User Name: Dale&Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2688503831-3471454516-4100852496-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F19B428-ACA4-4D01-A0B4-81A8BDA95DE3}" = rport=139 | protocol=6 | dir=out | app=system |
"{11610390-9C3D-4706-A675-9D4A5F82512A}" = rport=137 | protocol=17 | dir=out | app=system |
"{24F45474-D3CE-4549-AFDF-B344C3F195B3}" = lport=137 | protocol=17 | dir=in | app=system |
"{26D812AA-1DB2-4AF7-B7D1-2122D5BB5D2F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2909454C-2195-48A4-9CB0-659A10B54B1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{379C753B-9F0A-4849-9AB9-3E2382EA319D}" = lport=139 | protocol=6 | dir=in | app=system |
"{4008F667-4A34-434F-A645-E403AEDCBEBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{554D402D-87FF-4CC1-8DB3-F1A707F3399F}" = lport=50023 | protocol=6 | dir=in | name=akamai netsession interface |
"{5AB92A0B-2F53-4427-BBC0-94CF305F2A04}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{60DF1EB2-60D1-449D-B60C-5EA9B0B5DEDB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{77F1DC43-FAFD-4BA9-B43D-016CE20A247C}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{7C6E9EA3-4759-4C23-A2D8-F73FEDC3B4B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{84FD73FF-F138-461D-A504-153E4A51DA53}" = rport=445 | protocol=6 | dir=out | app=system |
"{A0F59F4C-4AB1-4F25-9FA5-A8AE224A9021}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A1E76A0F-AB61-4377-B8B4-7F53C181E8B9}" = lport=445 | protocol=6 | dir=in | app=system |
"{A7A8BAF7-3AFD-484D-AD01-7BF9D6BF528E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{B2835C89-1576-4CAF-9CE6-11EB417A5A4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B529B8C1-9173-4F27-8403-FB647A60EEF4}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{C10F0B2F-CBD2-455D-AE17-CBE9D5325CE8}" = rport=138 | protocol=17 | dir=out | app=system |
"{E58D3E8D-306E-4FA1-8AE9-BAC0D5892E46}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4ECA996-A5B2-42C3-8B8D-11395F388FDD}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{F62D0E70-9279-49AC-A182-82278E342997}" = lport=49225 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050E9994-666F-4B50-9A33-F1F041C0963A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{05D205CE-D831-472B-9185-7EDD09E1F489}" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zs28b4.tmp\symnrt.exe |
"{05EF7682-D44D-4FBF-86AE-7D157C0C51A6}" = dir=out | name=core networking - system ip core |
"{07389D40-6CD3-4DC3-AD07-3BAFCCFDB983}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C47A592-7033-4DD6-8183-5755E13FEA2B}" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\roaming\dropbox\bin\dropbox.exe |
"{11D73F6F-413C-42C8-8B9C-C476CFF78D0A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{12B287A6-E357-463B-8F29-6E2EE0A52AEF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{13157DA5-2B1E-4983-A066-5FD2B1372CC3}" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\local\microsoft\windows\temporary internet files\content.ie5\mxhq54ql\solutoinstaller-_wk2tfs94dds.exe |
"{167AE0DD-D49F-47BC-9356-DDCFC3790840}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{189EFA27-6A35-4C79-8CE9-68DEDD07ABE6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{190366BF-ACAE-4804-A2CA-772ECAECE245}" = dir=in | app=c:\program files\fingerprint\fingerprintservice.exe |
"{1934B66A-D1EE-4F53-9FCB-6854F626C53F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C18CB7A-5DBD-4175-A686-F8E39E71F1BB}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{2077DFCC-F6C8-4FDA-92C3-6FAB44F84086}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2EC28AAA-1A0E-4816-981C-FA2AA7C013E4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{31AC231F-2F1C-41E0-91D6-AFFB685C6594}" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\roaming\dropbox\bin\dropbox.exe |
"{3725EDA5-CF6D-4601-833F-E0C6DD381AAC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3B577A2A-74F8-4052-8245-0CCB5D14ECD9}" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zs28b4.tmp\symnrt.exe |
"{3E4272BA-37FC-4435-8C70-865D828F57E6}" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zse291.tmp\symnrt.exe |
"{3EA65596-82CF-4760-9EB9-F7FFC58FD367}" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\roaming\spotify\spotify.exe |
"{4485225E-ADA1-49EA-A67A-4C7AD4246213}" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\local\crossloop\vncviewer.exe |
"{5289FCA3-405F-4FE9-A6F6-426CD446A3DD}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6004C89B-5B26-41FB-B484-26F59CD05B83}" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zsc036.tmp\symnrt.exe |
"{631766C9-7148-474E-AA21-DF14F6668A8F}" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zsb894.tmp\symnrt.exe |
"{6AF21F5D-7D61-4CA5-BE96-9A4AE36EB7AE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{71C99313-E692-4A5E-BF7C-2EB0BBFFEB69}" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zse291.tmp\symnrt.exe |
"{7BE4625C-496B-4B98-8646-D1B0AA9F15A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83DD23B9-1EE9-46D8-8656-1B023CA8F2C4}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{860D4AE7-3C3B-40EE-A005-88ED72383085}" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\local\crossloop\vncviewer.exe |
"{86893975-01DF-46BA-9C2C-70A1A8CD25D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89BE1046-BF6E-4C5D-A561-D2EACA16E2D1}" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zsb894.tmp\symnrt.exe |
"{8FCFAFE0-B69C-4D93-9612-6AE0EEA8EB64}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{94928A2D-426D-4CF2-B97D-7A22A54D661D}" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zs4430.tmp\symnrt.exe |
"{997761C8-DF55-4E58-AB59-5422770A4D78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F379869-EEC2-45C9-B919-08E3C0F09F96}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A041954A-5220-4B01-96FF-552E359615C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3347A27-20AF-4D38-8477-7E77D340E3F5}" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zs4430.tmp\symnrt.exe |
"{A6D616A6-2F21-4AEA-BC95-CF9519E37018}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{AA44B74B-27E2-4179-A5C3-C26BC04D5A99}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BAB41959-C5C7-4400-942E-1D55546572A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C24933BE-F8A6-4758-B8D7-00D8EABEFC99}" = dir=in | name=core networking - system ip core |
"{C58D58D7-6BE7-4C6F-BA9B-19FBEB52F887}" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\local\microsoft\windows\temporary internet files\content.ie5\mxhq54ql\solutoinstaller-_wk2tfs94dds.exe |
"{D0529B62-B336-4D1F-9A12-B502C1D637E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2832327-0505-41E9-A852-1F6D7C72B243}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D528A0BF-8034-4575-9FB0-1AC45C78EB14}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6CC2F2F-EDC3-4A61-91F3-C0E05BD35804}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E22F099B-D8E3-4196-B2A7-93747EA34A34}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E6E162A7-0B33-42F1-87E9-180D09D548B8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{E7BCD374-D142-433A-BCBC-97C7AE5A1793}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8E7307F-FAF0-47C4-8BA9-1B57BF9DA210}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{ECFEA829-5D4D-4E45-98D5-E0BFB6A96EEC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFC16C83-DBC0-45D6-B17E-B8072F087FFE}" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\roaming\spotify\spotify.exe |
"{F05AD8AA-0245-4784-B7C3-753885648D69}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F4277E8A-E7A1-45CB-AC17-A44A06B43F7A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FF3036D9-1A6B-46C5-9ACD-53347D1CB48A}" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\local\temp\7zsc036.tmp\symnrt.exe |
"TCP Query User{2C52A439-0C8B-4148-8272-59974AC6FD77}C:\users\dale&alison\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2C719F6F-C834-479F-86B3-1E35FF567E27}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{392446D2-B055-46B9-A8C5-28D985F179DC}C:\users\dale&alison\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{4142F273-A220-4DFD-8833-F1B260B3C9F0}C:\program files\mediamall\playlater.exe" = protocol=6 | dir=in | app=c:\program files\mediamall\playlater.exe |
"TCP Query User{5F8C604F-9E94-40D4-9298-92B91CBC6251}C:\program files\verizon\verizon media manager\release\verizon media manager.exe" = protocol=6 | dir=in | app=c:\program files\verizon\verizon media manager\release\verizon media manager.exe |
"TCP Query User{8038E667-5FF5-4117-8045-45CB08A1A6D2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A0250BF8-B8CC-48CE-A970-BF23D67B492F}C:\users\dale&alison\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A4CDFB9F-6788-47CE-92AF-0FD8FF62FD84}C:\users\dale&alison\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dale&alison\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B4D27DC6-5F27-48F5-BFF7-F0ECDB99E3F1}E:\techwizard.exe" = protocol=6 | dir=in | app=e:\techwizard.exe |
"UDP Query User{0AB87EF8-1F75-4824-BE1B-3D41C996E849}C:\users\dale&alison\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\local\akamai\netsession_win.exe |
"UDP Query User{256C479F-8850-4F84-97DD-FE9777D59C2D}C:\users\dale&alison\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{26466F35-41C1-4311-A027-D6ACB069EA3C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9879F7F8-8C89-44CE-AC38-59D06617C64A}E:\techwizard.exe" = protocol=17 | dir=in | app=e:\techwizard.exe |
"UDP Query User{A4171F8A-6F39-4921-A868-163E1B1CB168}C:\program files\verizon\verizon media manager\release\verizon media manager.exe" = protocol=17 | dir=in | app=c:\program files\verizon\verizon media manager\release\verizon media manager.exe |
"UDP Query User{A85C78E2-B9D9-4C19-9ED5-EA13EFFACD52}C:\users\dale&alison\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{AB2E7EB5-3110-4DBA-B088-9F3398B93309}C:\users\dale&alison\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dale&alison\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E5C5D289-6E95-4297-8A3E-1A89C9B20864}C:\program files\mediamall\playlater.exe" = protocol=17 | dir=in | app=c:\program files\mediamall\playlater.exe |
"UDP Query User{F22BFBD9-4502-4741-8E85-82077647156D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{329445EA-EBA3-45A0-A7A7-B6A6555DB881}" = IHA_MessageCenter
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E9C9EE1-1964-4519-BF80-652E7F415ECF}" = WD Drive Utilities
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71980982-AEA1-480C-B748-0CB376DACDFE}" = WD SmartWare
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1" = FingerPrint 1.2.0.278
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B4CA6C4-7992-4FB7-A8B2-2DD81C5F926F}" = LDS Library 2009
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2011 Home Edition
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E4C5B8F2-441E-4779-B5CA-3AA808567F0F}" = LDS Library 2009
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB3F4A45-D3F8-4A6B-8AEC-26BBB15ED0D1}" = Garmin ANT Agent
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Any Video Converter_is1" = Any Video Converter 3.0.3
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Catan Online Welt" = Catan Online World
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CrossLoop_is1" = CrossLoop 2.71
"DMX5_is1" = DriverMax 6
"DVD43_is1" = DVD43 v4.6.0
"HandBrake" = HandBrake 0.9.5
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Dell Support Center
"PhotoStitch" = Canon Utilities PhotoStitch
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TurboTax 2011" = TurboTax 2011
"ULTIMATER" = Microsoft Office Ultimate 2007
"Verizon Media Manager" = Verizon Media Manager
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Verizon Call Assistant" = Verizon Call Assistant

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2012 9:31:41 PM | Computer Name = DaleLaptop | Source = VSS | ID = 12289
Description =

Error - 12/29/2012 9:33:25 PM | Computer Name = DaleLaptop | Source = VSS | ID = 12289
Description =

Error - 12/29/2012 9:34:05 PM | Computer Name = DaleLaptop | Source = VSS | ID = 12289
Description =

Error - 12/29/2012 9:34:25 PM | Computer Name = DaleLaptop | Source = VSS | ID = 12289
Description =

Error - 12/29/2012 9:34:41 PM | Computer Name = DaleLaptop | Source = VSS | ID = 12289
Description =

Error - 12/29/2012 9:35:25 PM | Computer Name = DaleLaptop | Source = VSS | ID = 12289
Description =

Error - 12/29/2012 9:35:41 PM | Computer Name = DaleLaptop | Source = VSS | ID = 12289
Description =

Error - 12/30/2012 2:10:06 PM | Computer Name = DaleLaptop | Source = Application Error | ID = 1000
Description = Faulting application qw.exe, version 21.1.7.18, time stamp 0x4f8f4b45,
faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception
code 0xc0000005, fault offset 0x0004a255, process id 0x1250, application start time
0x01cde6b69a173244.

Error - 12/31/2012 12:35:38 AM | Computer Name = DaleLaptop | Source = Windows Search Service | ID = 3024
Description =

Error - 12/31/2012 12:51:40 AM | Computer Name = DaleLaptop | Source = System Restore | ID = 8193
Description =

[ Broadcom Wireless LAN Events ]
Error - 6/14/2012 4:03:58 AM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 03:03:56, Thu, Jun 14, 12 Error - Unable to gain access to user store


Error - 8/16/2012 9:52:24 AM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 08:52:23, Thu, Aug 16, 12 Error - Unable to gain access to user store


Error - 8/21/2012 9:30:55 AM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 08:30:55, Tue, Aug 21, 12 Error - Unable to gain access to user store


Error - 9/10/2012 4:26:22 PM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 15:26:22, Mon, Sep 10, 12 Error - Unable to gain access to user store


Error - 9/12/2012 1:03:41 PM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 12:03:40, Wed, Sep 12, 12 Error - Unable to gain access to user store


Error - 9/16/2012 5:44:29 PM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 16:44:29, Sun, Sep 16, 12 Error - Unable to gain access to user store


Error - 9/16/2012 5:49:32 PM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 16:49:32, Sun, Sep 16, 12 Error - Unable to gain access to user store


Error - 9/21/2012 3:09:02 PM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 14:09:01, Fri, Sep 21, 12 Error - Unable to gain access to user store


Error - 11/12/2012 10:06:57 PM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 20:06:57, Mon, Nov 12, 12 Error - Unable to gain access to user store


Error - 12/6/2012 10:54:15 AM | Computer Name = DaleLaptop | Source = WLAN-Tray | ID = 0
Description = 08:54:15, Thu, Dec 06, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 2/10/2010 9:36:28 PM | Computer Name = DaleLaptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2010 9:41:28 PM | Computer Name = DaleLaptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 10/28/2010 9:28:00 PM | Computer Name = DaleLaptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 11/5/2010 3:59:12 PM | Computer Name = DaleLaptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 3/26/2011 9:23:38 PM | Computer Name = DaleLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/6/2012 9:10:59 PM | Computer Name = DaleLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 2872 seconds with 1260 seconds of active time. This session ended with a
crash.

Error - 12/6/2012 9:11:45 PM | Computer Name = DaleLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 34 seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/7/2012 7:31:07 PM | Computer Name = DaleLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 1658 seconds with 1200 seconds of active time. This session ended with a
crash.

Error - 12/7/2012 7:31:57 PM | Computer Name = DaleLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 39 seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/13/2012 8:42:00 PM | Computer Name = DaleLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 1766 seconds with 1500 seconds of active time. This session ended with a
crash.

Error - 12/13/2012 8:46:51 PM | Computer Name = DaleLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 281 seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/31/2012 12:34:11 AM | Computer Name = DaleLaptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007001f Error description: A device attached to the system is
not functioning. Reason: %%837

Error - 12/31/2012 12:35:38 AM | Computer Name = DaleLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/31/2012 12:35:38 AM | Computer Name = DaleLaptop | Source = Service Control Manager | ID = 7026
Description =

Error - 12/31/2012 12:35:38 AM | Computer Name = DaleLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/31/2012 12:35:38 AM | Computer Name = DaleLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/31/2012 12:37:01 AM | Computer Name = DaleLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/31/2012 12:37:01 AM | Computer Name = DaleLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/31/2012 12:37:40 AM | Computer Name = DaleLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/31/2012 12:37:41 AM | Computer Name = DaleLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/31/2012 12:44:17 AM | Computer Name = DaleLaptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.2802.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >

Great instructions and thank you. If you think it would help, please add "after following the instructions below" after the last word in the first bullet point. A note: when I downloaded the file it saved as "custom_scan.txt" not "scan.txt". I just changed the file name and everything worked.

Edited by iseeker, 31 December 2012 - 12:12 AM.


#7 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:01:58 PM

Posted 31 December 2012 - 04:15 AM

Thank you. :)

Which last word of the bullet point are you referring to?

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

===================================================

On your next reply please post :
ComboFix log


Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#8 iseeker
  • Topic Starter
  • Members
  • 8 posts
  • Local time:11:58 PM

Posted 31 December 2012 - 11:10 AM

Had a little scare as programs wouldn't work after ComboFix ran and rebooted the computer (couldn't get on IE and post the log). But once I restarted the computer everything was working again. Windows Update showed up in the icon tray with updates to install (before it wasn't working) and I could now turn on real-time protection with MSE (which I did). Important: I didn't run a scan with MSE, but I noticed it says that it quarantined a file "PWS:Win32/Fareit" today after I rebooted my computer. I didn't run MSE or take action on the quarantined item. Not sure where to find MSE logs.


Here is the combofix log:

ComboFix 12-12-31.01 - Dale&Alison 12/31/2012 9:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.950 [GMT -6:00]
Running from: c:\users\Dale&Alison\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\COUPon~1.ocx
c:\windows\system32\drivers\d97dad1e33de778e.sys
.
Infected copy of c:\windows\system32\drivers\asyncmac.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6001.18000_none_2457cee334d93e6f\asyncmac.sys
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
-------\Service_uvnc_service
-------\Legacy_d97dad1e33de778e
-------\Service_d97dad1e33de778e
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))))
.
.
2012-12-31 15:19 . 2012-12-31 15:30 -------- d-----w- c:\users\Dale&Alison\AppData\Local\temp
2012-12-31 15:19 . 2012-12-31 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-31 15:19 . 2012-12-31 15:19 -------- d-----w- c:\users\Roselyn\AppData\Local\temp
2012-12-30 00:03 . 2012-12-30 00:03 -------- d-----w- c:\program files\Magical Jelly Bean
2012-12-29 23:53 . 2012-12-29 23:53 -------- d-----w- c:\users\Dale&Alison\AppData\Local\Innovative Solutions
2012-12-29 23:53 . 2012-12-29 23:53 -------- d-----w- c:\program files\Innovative Solutions
2012-12-29 23:43 . 2012-12-29 23:43 -------- d-----w- c:\program files\SIW 2011 Home Edition
2012-12-29 23:34 . 2012-12-29 23:34 -------- d-----w- c:\users\Dale&Alison\AppData\Local\Akamai
2012-12-29 21:12 . 2012-12-29 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-29 21:12 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-29 20:33 . 2012-10-23 12:04 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-12-29 20:33 . 2012-10-23 12:04 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EA4906C-AB07-48AD-B3BF-07A0F494CEBF}\gapaengine.dll
2012-12-29 20:33 . 2012-11-19 07:04 6812136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36EC3431-50D1-40A0-A793-4E73F0642017}\mpengine.dll
2012-12-29 20:29 . 2012-12-29 20:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-29 16:05 . 2012-12-29 16:05 -------- d-----w- c:\program files\iPod
2012-12-29 16:04 . 2012-12-29 16:05 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-29 16:04 . 2012-12-29 16:05 -------- d-----w- c:\program files\iTunes
2012-12-29 15:59 . 2012-12-29 15:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-29 15:59 . 2012-12-29 15:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-29 15:59 . 2012-12-29 15:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-29 15:59 . 2012-12-29 15:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-29 15:59 . 2012-12-29 15:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-29 15:59 . 2012-12-29 15:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-29 15:59 . 2012-12-29 15:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-29 15:59 . 2012-12-29 15:59 -------- d-----w- c:\program files\QuickTime
2012-12-29 14:50 . 2012-12-29 14:50 -------- d-----w- c:\program files\Dropbox
2012-12-21 04:51 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 04:51 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 17:44 . 2012-12-15 17:44 -------- d-----w- c:\users\Dale&Alison\AppData\Roaming\Soluto
2012-12-15 17:12 . 2012-12-13 15:58 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-12-15 17:10 . 2012-12-29 19:30 -------- d-----w- c:\programdata\Soluto
2012-12-13 23:58 . 2012-12-13 23:58 -------- d-----w- c:\users\Dale&Alison\AppData\Roaming\Malwarebytes
2012-12-13 23:57 . 2012-12-13 23:57 -------- d-----w- c:\programdata\Malwarebytes
2012-12-12 02:14 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 02:13 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 02:13 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 02:13 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 02:13 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 02:13 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 02:13 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 02:13 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 02:13 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 02:13 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 02:13 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 01:03 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 01:03 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 01:03 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 01:03 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 01:02 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-09 16:01 . 2012-10-13 01:09 22912 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-12-09 14:59 . 2012-12-09 14:59 -------- d-----w- c:\programdata\IObit
2012-12-09 14:59 . 2012-12-09 14:59 -------- d-----w- c:\users\Dale&Alison\AppData\Roaming\IObit
2012-12-09 14:58 . 2012-12-09 14:58 -------- d-----w- c:\program files\IObit
2012-12-06 04:27 . 2012-12-06 04:27 -------- d-----w- c:\users\Dale&Alison\AppData\Roaming\Catalina Marketing Corp
2012-12-06 04:27 . 2012-12-06 04:27 489712 ----a-w- c:\users\Dale&Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-12-04 14:09 . 2012-12-04 14:09 -------- d-----w- c:\users\Dale&Alison\AppData\Roaming\Amazon
2012-12-04 14:09 . 2012-12-04 14:09 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 16:12 . 2012-05-04 12:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 16:12 . 2011-07-05 22:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-24 13:07 . 2011-09-28 01:32 6221896 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Dale&Alison\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Dale&Alison\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Dale&Alison\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Dale&Alison\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"QuickenScheduledUpdates"="c:\progra~1\QUICKEN\bagent.exe" [2012-04-18 74840]
"Akamai NetSession Interface"="c:\users\Dale&Alison\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-16 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-16 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-16 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-20 5236664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-09-06 1688008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\users\Roselyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Dale&Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-3-18 924728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-24 00:34 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 21:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2688503831-3471454516-4100852496-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 16:12]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 00:09]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 00:09]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Dale&Alison\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Dale&Alison\AppData\LocalLow\LastPass\context.html?cmd=fillforms
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DriverMax_RESTART - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-31 09:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system.ini 219 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4204)
c:\users\Dale&Alison\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\users\Dale&Alison\AppData\Local\CrossLoop\CrossLoopService.exe
c:\program files\FingerPrint\FingerPrintService.exe
c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\msiexec.exe
c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe
c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe
c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Quicken\bagent.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-12-31 09:37:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-31 15:36
.
Pre-Run: 138,523,910,144 bytes free
Post-Run: 139,266,494,464 bytes free
.
- - End Of File - - B4B52C39EE8F2543360CEA306D59748C

#9 iseeker
  • Topic Starter
  • Members
  • 8 posts
  • Local time:11:58 PM

Posted 31 December 2012 - 11:22 AM

ComboFix also produced this log, so I thought I would post it. ComboFix-quarantined-files

2012-12-31 15:35:34 . 2012-12-31 15:35:34 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2012-12-31 15:35:34 . 2012-12-31 15:35:34 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2012-12-31 15:35:24 . 2012-12-31 15:35:24 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DriverMax_RESTART.reg.dat
2012-12-31 15:18:20 . 2012-12-31 15:18:20 74 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_d97dad1e33de778e.reg.dat
2012-12-31 15:18:20 . 2012-12-31 15:18:20 1,186 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_d97dad1e33de778e.reg.dat
2012-12-31 15:15:59 . 2012-12-31 15:16:00 1,382 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_uvnc_service.reg.dat
2012-12-31 15:15:59 . 2012-12-31 15:15:59 210 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_syshost32.reg.dat
2012-12-31 15:15:44 . 2012-12-31 15:15:44 6,893 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-12-31 15:06:39 . 2012-12-31 15:21:07 861 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-12-29 02:48:41 . 2012-12-29 02:48:41 62,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\d97dad1e33de778e.sys.vir
2009-11-10 04:21:03 . 2009-11-19 22:16:27 68,824 ----a-w- C:\Qoobox\Quarantine\C\Windows\COUPon~1.ocx.vir

#10 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:01:58 PM

Posted 31 December 2012 - 11:22 AM

It's ok, I can understand that AV programs will catch something when real-time scan is turned on.

It's a common occurrence that things like the internet will not work after a ComboFix run. Usually a reboot will get everything back to normal.

I know it's still new year's eve at your side, but I'm already on 2013. So happy new year to you! ;)

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
===================================================

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
===================================================

On your next reply please post :
AdwCleaner log
JRT log


Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#11 iseeker

iseeker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 31 December 2012 - 12:08 PM

Happy New Year to you as well! I used to live half-way around the world too.

I've posted the logs below. I had a couple of questions for after the removals:
-- With the viruses I had, do you recommend changing my windows login password? How about my lastpass password? Banking, other sensitive ones? I guess I am asking with my specific computer issues, would someone have been able to steal my sensitive passwords? Wonder if clicking on links at slickdeals.net affected this.
-- Do I need to run scans on my backup drives too? Or would it be smarter to just reformat and create backups again after finishing cleaning my main computer?
-- Do you recommend I run any other tools besides MSE when this is done? Meaning continuously run/have installed with MSE.
-- I was thinking about reformatting my laptop anyways. Maybe this is a good time to do so to start fresh.

adwCleaner

# AdwCleaner v2.104 - Logfile created 12/31/2012 at 10:26:51
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Dale&Alison - DALELAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Dale&Alison\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [538 octets] - [31/12/2012 10:26:51]

########## EOF - C:\AdwCleaner[S1].txt - [597 octets] ##########


JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.2 (12.29.2012:3)
OS: Windows Vista ™ Home Premium x86
Computer was rebooted
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\soluto"
Successfully deleted: [Folder] "C:\Users\Dale&Alison\AppData\Roaming\soluto"
Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/31/2012 at 11:00:08.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by iseeker, 31 December 2012 - 12:12 PM.


#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:58 PM

Posted 31 December 2012 - 10:34 PM

Yes, definitely; it is strongly recommended to change your passwords, not just this time but also on a periodic basis. The infection you had certainly posed a high risk of passwords getting stolen, so you're better off changing all passwords. You could change your LastPass password as well.

Since you're thinking of reformatting and reinstalling, you should reformat your backup drives and transfer your important data before starting the installation.

Usually I would recommend people run one AV, one firewall (Comodo Firewall is good), and two anti-malware programs like Malwarebytes' and SUPERAntiSpyware.


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, reboot manually to ensure a complete clean.
===================================================

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the link to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the installer icon on your desktop.
  • Check "YES, I accept the Terms of Use".
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives".
  • Make sure that the option "Remove found threats" is Unchecked.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats".
  • Push "Export to text file", and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Make sure you saved the log somewhere else. Select the "Uninstall application on close" check box and push Finish.
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post :
ESET log
MBAM log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#13 iseeker

iseeker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 01 January 2013 - 10:59 AM

TFC ran the first time but the computer hung, so I manually rebooted. Ran it a second time after disabling real-time protection on MSE and this time it did its job. It did not force a reboot, so I rebooted manually.

ESET did not have a link with "List of found threats" so I didn't get the log file; it did not find any threat files. It ran for 2:47.

Also, I had mbam installed before we started this together, so I just updated that one and ran it. MBAM log is below:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.01.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dale&Alison :: DALELAPTOP [administrator]

1/1/2013 1:38:45 PM
mbam-log-2013-01-01 (13-38-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238505
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Feels like we are nearing the end, right?! :)

Edited by iseeker, 01 January 2013 - 02:58 PM.
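
The MBAM log above follows a fixed text layout: a "<Section> Detected: N" header per section, then either "(No malicious items detected)" or one line per item of the form "<path> (<threat>) -> <action>." When a helper triages a pasted log, the things worth extracting are the per-section counts, the threat names, whether any item is still "Delete on reboot" (the file is on disk until the restart), and whether the paste was truncated. The following is an added example, not part of this thread and not Malwarebytes code. SAMPLE_LOG is a constructed fragment in the same layout as the log posted above; its detection lines and the user/host line are invented for the demonstration.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log and summarise what it reports.

Added example, not part of the original thread and not Malwarebytes code.
SAMPLE_LOG is a constructed fragment in the same layout as the log posted
above; its detection lines and the user/host line are invented.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.01.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: HOST [administrator]

Scan type: Quick scan
Objects scanned: 238505
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} (Trojan.Agent) -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\System32\drivers\example.sys (Rootkit.0Access) -> Delete on reboot.
C:\Users\user\AppData\Local\Temp\dropper.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
"""

META_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")
SECTION_RE = re.compile(r"^([A-Za-z ]+?) Detected: (\d+)$")
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")


@dataclass
class Detection:
    section: str   # e.g. "Files", "Registry Keys"
    path: str      # file path or registry key
    threat: str    # MBAM detection name, e.g. Rootkit.0Access
    action: str    # what MBAM did, e.g. "Delete on reboot"


@dataclass
class ScanSummary:
    meta: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)      # section -> declared count
    detections: list = field(default_factory=list)

    @property
    def clean(self):
        return sum(self.counts.values()) == 0

    @property
    def needs_reboot(self):
        # "Delete on reboot" means the file is still on disk until the restart
        return any("reboot" in d.action.lower() for d in self.detections)


def parse_mbam_log(text):
    """Walk the log line by line, tracking which 'Detected:' section we are in."""
    summary, section = ScanSummary(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        if m := META_RE.match(line):
            summary.meta[m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
            summary.counts[section] = int(m.group(2))
        elif section and (m := ITEM_RE.match(line)):
            summary.detections.append(Detection(section, *m.groups()))
    return summary


def count_mismatches(summary):
    """Sections whose declared count differs from the items listed: a sign of a truncated paste."""
    seen = {}
    for d in summary.detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in summary.counts.items() if n != seen.get(s, 0)}


if __name__ == "__main__":
    s = parse_mbam_log(SAMPLE_LOG)
    print(s.meta, s.counts, "reboot pending:", s.needs_reboot, "mismatches:", count_mismatches(s))
```

The count check matters on a forum: logs arrive as copy-paste, and a section whose header says "Files Detected: 2" but lists one item has lost a line somewhere, so the helper should ask for the file rather than trust the paste.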


#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:58 PM

Posted 01 January 2013 - 10:20 PM

Yes we are, and in fact we are closing it now. :)

Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall

===================================================

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
  • Download hosts.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions or problems to ask? Please do not hesitate to do so.

**Please respond one more time to confirm this is resolved so the topic can be closed.
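
The MVPS HOSTS advice in the post above works by mapping ad domains to a sinkhole address (127.0.0.1 in the description above; newer MVPS releases use 0.0.0.0) so the connection never leaves the machine. The same mechanism is used by malware in the other direction, to cut a machine off from Windows Update and antivirus vendors, and the symptoms this thread opened with (Windows Update not running, MSE not starting) are the kind a HOSTS hijack produces, so the file is worth auditing as well as installing. The following is an added example, not code from this thread or from MVPS: a Python script that parses a HOSTS file, separates ordinary block entries from entries that should never be there, and flags non-sinkhole redirects for manual review. SAMPLE_HOSTS is constructed, and WATCH_NAMES is an illustrative list of update and vendor hostnames (an assumption; extend it for your own environment).

```python
"""Audit a Windows HOSTS file for ad-blocking entries and for hijacks.

Added example, not code from the original thread or from MVPS. SAMPLE_HOSTS
is constructed and WATCH_NAMES is an illustrative, assumed list of hostnames
that should never appear in a HOSTS file.
"""
import ipaddress

# Default HOSTS location on Windows Vista/7 (%SystemRoot%\System32\drivers\etc\hosts)
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample: MVPS-style blocks, a LAN entry, and three hijacks.
SAMPLE_HOSTS = """
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1  ads.example.net            # MVPS-style block (127.0.0.1)
127.0.0.1  tracker.example.org
0.0.0.0    banner.example.com         # newer MVPS releases use 0.0.0.0
192.168.1.10  nas.local               # ordinary LAN entry
203.0.113.5  update.microsoft.com     # redirect away from Microsoft
203.0.113.5  www.malwarebytes.org
127.0.0.1    download.microsoft.com   # sinkholed vendor site
"""

# Assumed watch list: names that have no business in a HOSTS file at all.
WATCH_NAMES = {
    "update.microsoft.com", "windowsupdate.microsoft.com",
    "download.microsoft.com", "www.malwarebytes.org",
}


def parse_hosts(text):
    """Return [(ip_address, hostname), ...]; comments, blanks and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                            # first field is not an address
        for name in parts[1:]:                  # one line may list several names
            entries.append((ip, name.lower()))
    return entries


def is_sinkhole(ip):
    """Loopback (127.0.0.1, ::1) or unspecified (0.0.0.0) makes the name unreachable."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text, watch=WATCH_NAMES):
    """Classify entries: blocked ad hosts, hijacked watch-list names, other redirects."""
    report = {"blocked": [], "hijacked": [], "redirects": []}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if name in watch:
            report["hijacked"].append((name, str(ip)))   # sinkholed or redirected, both bad
        elif is_sinkhole(ip):
            report["blocked"].append(name)                # what the MVPS file is for
        else:
            report["redirects"].append((name, str(ip)))   # review by hand; LAN entries are normal
    return report


def audit_file(path=HOSTS_PATH):
    """Audit the live HOSTS file (read-only; run from an elevated prompt if access is denied)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind}: {items}")
```

A watch-list name is reported whether it points at loopback or at a real address, because neither is legitimate; a large "blocked" list with an empty "hijacked" list is what a correctly installed MVPS file looks like.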

#15 iseeker

iseeker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:58 PM

Posted 02 January 2013 - 05:20 PM

Awesome! Finished it up. Thank you so much for your help!!!



