
Started to repair System Fix virus... now Microsoft SS scan and Win Defender have found 4 trojans


17 replies to this topic

#1 djdaclwn

  • Members
  • 13 posts

Posted 11 February 2013 - 03:05 PM

Hi,

I have been all over the site over the weekend with what looks like the fake Security Fix virus. After all was said and done I started to get a false Adobe Flash Player update with the blue and yellow shield. It wouldn't go away. I did not allow any updates. I removed Adobe Flash Player but the alert persisted. I re-ran iexplore, TDSSKiller, and Malwarebytes. It found nothing additional. I downloaded the Microsoft Security Scanner, ran that, and it found 3 Trojans and a trojan downloader. Windows Defender is running now... what a mess. Can you help me? Should I restart this whole process? Or?

Thanks for all the help in advance,

Debbie    





#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 11 February 2013 - 03:22 PM

Hi Debbie!! Welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue!
  • Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed!
  • I like chocolate chip cookies.

  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.
    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.
  • ____________________________________________________

    OTL Custom Scan

    We need to run an OTL Custom Scan
    • Please download OTL from one of the following mirrors:
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Copy and Paste the following code into the Custom Scans/Fixes textbox.

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      "%WinDir%\$NtUninstallKB*$." /30
      C:\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      %SYSTEMDRIVE%\*.exe
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      /md5start
      volsnap.sys
      atapi.sys
      explorer.exe
      winlogon.exe
      wininit.exe
      svchost.exe
      tdx.sys
      afd.sys
      netbt.sys
      services.exe
      /md5stop
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s

    • Push the Quick Scan button.
    • A report will open. Copy and Paste that report in your next reply.
    • NEXT:



      Running aswMBR.exe
    Download aswMBR.exe (1.8 MB) to your desktop.
    Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

    On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.



    NEXT:



    Please make sure you include the following items in your next post:

    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. OTL.txt & Extras.txt log files.
    3. aswMBR.txt log file.
    4. An update on how your computer is currently running.

    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
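The custom scan above asks OTL to list processes, services and drivers with their publisher, modification time and path, hash the core system binaries, and surface locked files. When the OTL.txt comes back, the first pass a helper makes is mechanical: look for entries with no company name, binaries running from Temp, files modified inside the 30-day window the scan uses, and core Windows binary names living outside C:\Windows. The script below is an added example, not OTL code and not something posted in this thread, that performs that pass over OTL-style PRC/SRV/DRV lines. The sample lines, the service names `WinHostSvc` and `example_unsigned`, and the scan timestamp are constructed for the example; the rules are a triage heuristic, not a verdict, and the Temp-path McAfee cleanup service it flags is a normal installer leftover that a human still has to clear by hand.

```python
"""First-pass triage of OTL PRC/SRV/DRV lines.

Added example, not OTL code and not from this thread.  The line layout parsed
here is the one OTL 3.2.x prints:

  KIND[:64bit:] - [mtime | size | attrs | M] (Company) [flags] -- path -- (name)

Sample lines, the names WinHostSvc / example_unsigned and SCAN_TIME are
constructed for this example.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD)(?P<arch>:64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+ \| M\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<flags>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)

# Names that the /md5start block of the custom scan hashes; one of these living
# outside the Windows directory is a classic masquerade.
CORE_BINARIES = {"explorer.exe", "winlogon.exe", "wininit.exe", "svchost.exe", "services.exe"}
TEMP_MARKERS = ("\\temp\\", "$recycle.bin")
FILE_AGE_DAYS = 30  # mirrors "File Age = 30 Days" in the OTL header

# Constructed sample: two lines copied in shape from a real OTL log, two invented.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========

SRV:64bit: - [2012/12/26 09:52:34 | 000,182,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV - [2012/09/28 18:12:44 | 000,832,664 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0060371360631052mcinst.exe -- (0060371360631052mcinstcleanup)
SRV - [2013/02/09 21:03:15 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Users\Debbie\AppData\Local\Temp\svchost.exe -- (WinHostSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/20 23:12:50 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/02/08 02:41:09 | 000,012,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\example_unsigned.sys -- (example_unsigned)
"""
SCAN_TIME = datetime(2013, 2, 11, 20, 58, 6)  # constructed "OTL logfile created on" time


@dataclass
class Entry:
    kind: str
    is_64bit: bool
    mtime: datetime
    size: int
    company: str
    flags: str
    path: str
    name: str


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Return an Entry for every PRC/SRV/DRV/MOD line; headers and blanks are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            kind=m["kind"],
            is_64bit=m["arch"] is not None,
            mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            company=(m["company"] or "").strip(),   # "( )" and "()" both mean no publisher
            flags=(m["flags"] or "").strip(),
            path=m["path"].strip(),
            name=(m["name"] or "").strip(),
        ))
    return entries


def triage(log_text, scan_time):
    """Apply the checks a helper makes by eye; only entries with at least one hit are returned."""
    findings = []
    for e in parse_entries(log_text):
        reasons = []
        lower = e.path.lower()
        base = lower.rsplit("\\", 1)[-1]
        if not e.company:
            reasons.append("no company name in version info")
        if any(marker in lower for marker in TEMP_MARKERS):
            reasons.append("runs from a temp or user-writable location")
        if scan_time - e.mtime <= timedelta(days=FILE_AGE_DAYS):
            reasons.append(f"modified within the last {FILE_AGE_DAYS} days")
        if base in CORE_BINARIES and not lower.startswith("c:\\windows\\"):
            reasons.append("core system binary name outside C:\\Windows")
        if e.kind == "DRV" and not e.company and "boot" in e.flags.lower():
            reasons.append("boot-start kernel driver with no publisher (rootkit check)")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def demo():
    """Run the triage over the constructed sample."""
    return triage(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.entry.kind} {f.entry.name or '-'}: {f.entry.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Every hit still needs a human decision: the McAfee cleanup service is flagged only for its Temp path and is benign, while the Temp `svchost.exe` with no publisher, a fresh timestamp and a core-binary name is exactly what the `/md5start` list and `/lockedfiles` switches in the scan are there to expose.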


#3 djdaclwn
  • Topic Starter

  • Members
  • 13 posts

Posted 11 February 2013 - 03:42 PM

Dear ST,

Thanks for your reply and I am glad you are a chocolate chip cookie fan :). I have a log from Microsoft Security Scan, and Windows Defender is still running a scan but reporting issues. I am going to let that finish. In the meantime, since I am writing from another computer, can you tell me how to copy the log files from the affected computer? Should I copy them to Word and a flash drive? Also in my above post I asked if we should begin this whole process over, meaning re-scan everything since I obviously didn't get everything before. Anyway in a little bit I will begin the first scan you asked me to. Should I disable anything before running an OTL scan?

Thanks,

Debbie  



#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 11 February 2013 - 03:52 PM

Hi Debbie!

Lets be careful with how we retrieve these log files. What's the present status of the infected computer? Are you able to access the internet from that computer? If so, could you please post the log files directly from the infected computer?

Could you tell me the location of where Microsoft Security Scanner found the 3 threats?

We don't need to worry about starting over. I will be having you run a variety of tools that will provide me with the information I need to assist with the clean-up process.

Thanks,
ST.



#5 djdaclwn
  • Topic Starter

  • Members
  • 13 posts

Posted 11 February 2013 - 06:41 PM

Hi ST,

Ok the three files found are as follows, not sure of the location as it does not state it:

Trojan:DOS/Alureon.L (partially removed manual steps required)

Trojan:JS/Medfos.B (partially removed)

TrojanDownloader:Java/Toniper (Removed)

 

Windows defender is almost (ugh) done. Really really close. It says it has detected malicious software but to wait till end of scan...

Deb

P.S. I think I am able to access the internet on the affected computer.  



#6 djdaclwn
  • Topic Starter

  • Members
  • 13 posts

Posted 11 February 2013 - 08:05 PM

Ok, Windows Defender, despite what it said preliminarily, says it did not find anything? Anyway I am going to download OTL now and get started on your instructions.



#7 djdaclwn
  • Topic Starter

  • Members
  • 13 posts

Posted 11 February 2013 - 09:04 PM

Doing the quick scan now, will post the log as soon as it is done.



#8 djdaclwn
  • Topic Starter

  • Members
  • 13 posts

Posted 11 February 2013 - 10:20 PM

OTL.txt:

OTL logfile created on: 2/11/2013 8:58:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Debbie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.61 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 62.71% Memory free
7.21 Gb Paging File | 5.38 Gb Available in Paging File | 74.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 577.62 Gb Total Space | 536.97 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
Drive D: | 14.38 Gb Total Space | 1.60 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.75% Space Free | Partition Type: FAT32
Drive F: | 3.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.47 Gb Total Space | 7.10 Gb Free Space | 95.01% Space Free | Partition Type: FAT32
 
Computer Name: DEBBIE-HP | User Name: Debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/11 20:09:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/26 20:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 19:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/11 15:05:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/12/26 09:52:34 | 000,182,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/12/26 09:49:32 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/12/26 09:47:40 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/09/28 10:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/05 13:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/08 14:58:48 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/30 14:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/05/29 11:19:29 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdlcoms.exe -- (lxdl_device)
SRV:64bit: - [2007/05/29 11:19:16 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdlserv.exe -- (lxdlCATSCustConnectService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/28 18:12:44 | 000,832,664 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0060371360631052mcinst.exe -- (0060371360631052mcinstcleanup)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/03/07 19:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/29 11:19:56 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdlcoms.exe -- (lxdl_device)
SRV - [2007/05/29 11:19:16 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdlserv.exe -- (lxdlCATSCustConnectService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/26 09:55:26 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/12/26 09:52:44 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/12/26 09:51:24 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/12/26 09:50:48 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/12/26 09:49:42 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/12/26 09:49:00 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/12/26 09:48:30 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/04/12 18:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/28 10:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 09:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/20 23:12:50 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/20 23:12:50 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/08 14:58:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/25 11:55:58 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/16 05:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 05:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/04/08 14:25:18 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/30 17:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/29 19:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{B866E9B5-254F-446F-81C7-E53E393955D3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^YY^us&si=101497&ptb=000EB6C1-8C7B-41C8-B854-D57C10262177&ind=2012111617&n=77ee6301&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{B866E9B5-254F-446F-81C7-E53E393955D3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbn.com/
IE - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\..\SearchScopes,DefaultScope = {9B9F5CAD-07E5-4B34-88A6-1946409120F9}
IE - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^YY^us&si=101497&ptb=000EB6C1-8C7B-41C8-B854-D57C10262177&ind=2012111617&n=77ee6301&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\..\SearchScopes\{9B9F5CAD-07E5-4B34-88A6-1946409120F9}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Debbie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/02/09 12:42:58 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxdlamon] .EXE" File not found
O4:64bit: - HKLM..\Run: [lxdlmon.exe] .EXE" File not found
O4:64bit: - HKLM..\Run: [SetDefault] CHBOX\SETDEFAULT.EXE File not found
O4:64bit: - HKLM..\Run: [SynTPEnh] H.EXE File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Lexmark 7500 Series] C:\Program Files (x86)\Lexmark 7500 Series\fm3032.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002..\Run: [Facebook Update] C:\Users\Debbie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C71CA073-5762-404F-BA5A-084297C6B075}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/05 13:06:14 | 000,000,000 | R--D | M] - F:\AutoPlay -- [ UDF ]
O32 - AutoRun File - [2011/09/07 03:16:34 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - F:\Autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2011/10/05 13:00:55 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{3a98d38f-0c73-11e1-8c92-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3a98d38f-0c73-11e1-8c92-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Start.exe -- [2011/10/05 13:00:54 | 002,830,336 | R--- | M] (PC Treasures, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfRd - Driver
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/11 20:37:51 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Debbie\Desktop\dds.com
[2013/02/11 20:36:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
[2013/02/10 18:45:07 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/02/10 15:01:18 | 000,771,096 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2013/02/10 15:01:18 | 000,178,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2013/02/10 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\PC Utility Kit
[2013/02/10 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\DriverCure
[2013/02/10 11:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/02/09 21:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/02/09 20:04:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/09 19:46:25 | 000,000,000 | ---D | C] -- C:\4d8c186776b53e614e2b5ba5b00e
[2013/02/09 18:22:05 | 000,000,000 | ---D | C] -- C:\AMD
[2013/02/09 11:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2013/02/09 11:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2013/02/09 11:28:50 | 000,010,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2013/02/09 11:28:21 | 000,515,528 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2013/02/09 11:28:21 | 000,339,776 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2013/02/09 11:28:21 | 000,309,400 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2013/02/09 11:28:21 | 000,106,112 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2013/02/09 11:28:21 | 000,069,672 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2013/02/09 08:44:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/08 21:01:00 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\ElevatedDiagnostics
[2013/02/08 19:28:23 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Debbie\Desktop\unhide.exe
[2013/02/08 15:38:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/08 15:37:28 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Local\Programs
[2013/02/08 15:26:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/08 14:51:34 | 000,000,000 | ---D | C] -- C:\Users\Debbie\Desktop\rkill
[2013/02/08 14:49:32 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Debbie\Desktop\iExplore.exe
[2013/02/06 11:24:25 | 000,000,000 | ---D | C] -- C:\Users\Debbie\AppData\Roaming\Individual Software
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/11 20:37:21 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/11 20:37:21 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/11 20:37:21 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/11 20:09:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
[2013/02/11 20:09:39 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 20:09:39 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 20:06:36 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/02/11 20:01:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 20:01:41 | 2903,826,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 19:33:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2291088986-3992219928-4107107958-1002UA.job
[2013/02/11 19:33:03 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2291088986-3992219928-4107107958-1002Core.job
[2013/02/11 13:20:14 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Debbie\Desktop\dds.com
[2013/02/09 21:06:19 | 378,793,387 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/08 19:19:54 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Debbie\Desktop\unhide.exe
[2013/02/08 15:18:08 | 002,126,936 | ---- | M] () -- C:\Users\Debbie\Desktop\TDSS_Undetectable.exe
[2013/02/08 13:11:06 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Debbie\Desktop\iExplore.exe
[2013/02/07 20:27:34 | 000,001,514 | ---- | M] () -- C:\Users\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
[2013/02/07 18:17:38 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDebbie.job
[2013/01/24 08:23:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDEBBIE-HP$.job
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/09 11:32:55 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/02/09 08:44:20 | 378,793,387 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/08 19:40:48 | 000,002,586 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2013/02/08 19:40:48 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/02/08 19:40:48 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office 2010.lnk
[2013/02/08 19:40:48 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/08 19:40:48 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Productivity Studio - 7500 Series.LNK
[2013/02/08 19:40:47 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/02/08 19:40:47 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013/02/08 19:40:47 | 000,002,368 | ---- | C] () -- C:\Users\Public\Desktop\Discover HP webOS.lnk
[2013/02/08 19:40:47 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Blio.lnk
[2013/02/08 19:40:47 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/02/08 19:40:47 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/02/08 19:40:47 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/02/08 19:40:47 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013/02/08 19:40:47 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2013/02/08 19:40:47 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/02/08 19:40:47 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2013/02/08 19:40:47 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/02/08 19:40:47 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013/02/08 19:40:47 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2013/02/08 19:40:47 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2013/02/08 19:40:47 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Family Tree Heritage.lnk
[2013/02/08 19:40:47 | 000,000,585 | ---- | C] () -- C:\Users\Public\Desktop\Cook'n for PC.lnk
[2013/02/08 19:40:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/02/08 15:38:27 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/08 15:21:03 | 002,126,936 | ---- | C] () -- C:\Users\Debbie\Desktop\TDSS_Undetectable.exe
[2013/02/07 18:18:31 | 000,001,514 | ---- | C] () -- C:\Users\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
[2012/12/24 01:32:07 | 000,000,000 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\SharedSettings.ccs
[2012/11/16 18:25:15 | 000,179,328 | ---- | C] () -- C:\Program Files (x86)\5zres.dll
[2012/11/16 14:43:32 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdlinst.dll
[2012/11/16 14:43:31 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdlcomx.dll
[2012/11/16 14:43:31 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlinpa.dll
[2012/11/16 14:43:31 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdliesc.dll
[2012/11/16 14:43:30 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlpmui.dll
[2012/11/16 14:43:28 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlusb1.dll
[2012/11/16 14:43:27 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlserv.dll
[2012/11/16 14:43:26 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlhbn3.dll
[2012/11/16 14:43:26 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdllmpm.dll
[2012/11/16 14:43:26 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlih.exe
[2012/11/16 14:43:26 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlprox.dll
[2012/11/16 14:43:25 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlcomc.dll
[2012/11/16 14:43:25 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlcoms.exe
[2012/11/16 14:43:25 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlcomm.dll
[2012/11/16 14:43:24 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdlcfg.exe
[2011/10/05 20:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/05 20:17:23 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/07/05 13:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/13 09:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/18 04:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/11/16 14:54:30 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\7500 Series
[2012/12/07 16:38:11 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Blio
[2013/02/10 11:11:42 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\DriverCure
[2013/02/09 19:27:06 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\GlarySoft
[2013/02/06 11:24:25 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Individual Software
[2012/12/16 09:14:21 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Lexmark Productivity Studio
[2013/02/10 11:11:42 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\PC Utility Kit
[2011/11/11 01:56:09 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Synaptics
[2012/12/24 01:20:13 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< "%WinDir%\$NTUninstallKB*$." /30 >
 
< C:\Program Files\Common Files\ComObjects\*.*/s >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,015,852 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/11/29 23:25:44 | 000,000,344 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForDEBBIE-HP$.job
[2012/12/25 17:21:07 | 000,000,336 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForDebbie.job
[2013/01/06 19:28:01 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2291088986-3992219928-4107107958-1002Core.job
[2013/01/06 19:28:02 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2291088986-3992219928-4107107958-1002UA.job
 
< %systemroot%\*./mp /s >
 
< %systemroot%\*./rp /s >
 
< %systemroot%\system32\*.dll/lockedfiles >
Invalid Switch: lockedfiles
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
 
< %Systemdrive%\*.exe >
 
< %systemdrive%\$Recyclebin|@;true;true;true; /fp >
 
< MD5 for: AFD.SYS  >
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/20 22:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/07/20 23:07:22 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/07/20 23:07:22 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: EXPLORER.EXE  >
[2011/07/20 23:09:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/07/20 23:09:25 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/07/20 23:09:25 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/07/20 23:09:25 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/07/20 23:09:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/07/20 23:09:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: NETBT.SYS  >
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: TDX.SYS  >
[2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
 
< MD5 for: VOLSNAP.SYS  >
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< End of report >
Edited by djdaclwn, 11 February 2013 - 11:20 PM.


#9 djdaclwn

  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:10 AM

Posted 11 February 2013 - 11:21 PM

Extras

OTL Extras logfile created on: 2/11/2013 8:58:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Debbie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.61 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 62.71% Memory free
7.21 Gb Paging File | 5.38 Gb Available in Paging File | 74.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 577.62 Gb Total Space | 536.97 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
Drive D: | 14.38 Gb Total Space | 1.60 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.75% Space Free | Partition Type: FAT32
Drive F: | 3.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.47 Gb Total Space | 7.10 Gb Free Space | 95.01% Space Free | Partition Type: FAT32

Computer Name: DEBBIE-HP | User Name: Debbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CB49C8-87BE-4667-AA44-D7F8AEDAAD18}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{076FB48B-BB77-4BD6-8FB9-433F6D14AFE2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0DB81A32-899A-4381-BB07-0B9132777E8C}" = rport=139 | protocol=6 | dir=out | app=system |
"{1131B8AD-61B2-476D-A786-E7884E91EF58}" = rport=137 | protocol=17 | dir=out | app=system |
"{120500DB-1A18-476F-8DE8-E8FAF8A11B91}" = rport=138 | protocol=17 | dir=out | app=system |
"{124F0F80-DDCB-4E65-9D3C-0E379D74E7F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27501AA3-3706-41FD-B3B3-C0C7432076BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A4FC377-5F32-4E4C-ADBE-29AFA4BF05C7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DA513CE-D8C2-41E4-B711-64C8A0E91480}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{58CFD3EE-D74B-436E-929D-6B31AA82744B}" = lport=139 | protocol=6 | dir=in | app=system |
"{6748B126-E114-4AC0-8644-2AD3C25B6B70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7394D2C3-A506-4175-888B-500FD3638AF6}" = lport=445 | protocol=6 | dir=in | app=system |
"{74C6D1EE-E9B5-4903-9376-AAF10F87EAF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77B23A06-A560-4C2F-A379-F789E41B7534}" = lport=10243 | protocol=6 | dir=in | app=system |
"{79BA46E1-631A-4D45-8D0E-0FE6337131D5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9F4A191E-A565-4692-AAE3-52174527D0DE}" = lport=138 | protocol=17 | dir=in | app=system |
"{D14A5D57-2305-435B-A3FE-18FF3E3CA892}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D196FF7F-3FD0-48FD-8E6B-23CBE1E5B990}" = lport=137 | protocol=17 | dir=in | app=system |
"{DB601D7D-1956-4FCA-B6E5-DF4175487105}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DFFD88D8-5087-4ABE-A2EB-A96FDB88C2B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{E5262F55-5261-498B-9D32-5C63C23E73CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4279974-7242-4C37-8388-6BE9002742FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFC7D0AB-75A4-495D-84AA-58FAD83A46CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CBB296-AF82-4735-BD85-ADE35FE515EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{087E40FD-F27F-4625-984C-C9F2301600E6}" = protocol=6 | dir=in | app=c:\windows\system32\lxdlcoms.exe |
"{1853C1A3-F9EC-4B62-91FE-C5F1F4D5F8E4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdljswx.exe |
"{210CD4E6-E323-475B-A8E1-848D3F1EFCE9}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7500 series\lxdlmon.exe |
"{22FA7D36-19FF-4A84-B340-31CDF91A0272}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23C3E33F-72EC-42F4-9C22-5D1EAC6BFC38}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{3261036F-FE99-45D8-A4D8-48840FA1B7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7500 series\lxdlamon.exe |
"{34A44E39-846F-450A-82BC-3863FB963D56}" = protocol=17 | dir=in | app=c:\windows\system32\lxdlcfg.exe |
"{3524E761-9585-4034-997F-08FA8E648C20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D7E8666-079A-4999-8E7E-3DE97F37B017}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{447F78AE-1DD6-4685-BA08-93141E1AA46C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7500 series\lxdlfax.exe |
"{4C578A7F-6018-4077-B804-03992DE9BC98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{51939E30-61B8-40B2-A3CB-996C5942ED69}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{566DE90C-9205-4F68-A60B-B629DD34D0C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F31751B-CFBA-4FBD-8CEA-BCF93425F81B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{60B2312C-ED53-40CF-9A41-8164BFDAAF89}" = protocol=6 | dir=in | app=c:\users\debbie\appdata\local\temp\7zs6e4.tmp\symnrt.exe |
"{628E136C-DC67-4B9F-B264-0DAAE2335D05}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7500 series\lxdlamon.exe |
"{688A823C-3BA1-484C-AD00-54FBDD871609}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{68A8DB6B-3B27-4AB0-ABEB-38D01FE39E13}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdljswx.exe |
"{70AC1794-32AA-4604-A402-D18C1401F2E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BB0D85B-59A8-40C3-A5BD-98520FDC9A9C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7CBC6C7F-4E18-4C30-A54B-AFBC7E9B2EB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E5C3D69-DF25-479B-9D82-D3C1CCA16BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80D1B9CD-A6BE-40E2-A6FD-FD14F368B4B1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{83ED8677-10E9-42D2-9667-626F95C3A91D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FC82375-7F71-4BE9-9822-E5C6DA4C0DFE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94833B4E-7859-4A88-8308-29EB1E4576F4}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{956E8270-7146-4BDC-A030-80E40AA4EB0E}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{9DDCB595-BFE4-4699-8EC8-94A347672DBC}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{A3B76580-F1A3-477F-A936-2412F3F282F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A538B28E-07FA-4923-A1AE-4A9BDA666621}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A77533D6-D4C1-4522-9CBF-F41C1A07E4B7}" = protocol=17 | dir=in | app=c:\users\debbie\appdata\local\temp\7zs6e4.tmp\symnrt.exe |
"{AF21A287-6237-45B0-B0B0-5E5193C218FE}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{B4E8EC63-4829-4296-9EB9-6B75B79B419A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdlcoms.exe |
"{B95DAF30-518A-487E-851F-C9148BEA5695}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF125CEC-0D4B-4472-B616-61046B1CA98A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C80B25E0-0B33-4D7C-A75B-F9FCA45DC883}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{C9282F37-099F-4ECB-A3D1-A8899267FE88}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdlcoms.exe |
"{CA6F3539-64E3-46FF-8CFB-096055C0EEB8}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7500 series\lxdlfax.exe |
"{CA9BC350-3B45-45E3-8FD8-9876AE98E64A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdlpswx.exe |
"{CE28A0CB-77B3-4B72-A53F-0539A7B713FD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdlpswx.exe |
"{D4385A03-45A6-496F-97D2-5F4F5D65B1FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdlcoms.exe |
"{D5D65CA2-116D-407C-92C9-7E5C7A4992F0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdltime.exe |
"{D5F3BA8D-E269-4BA0-9A88-9074A7FF366E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E10CAFC4-5145-420C-9796-339BFB91ACD6}" = protocol=6 | dir=in | app=c:\windows\system32\lxdlcfg.exe |
"{E30F02A6-0207-483B-A7B5-8DFD89DD5880}" = dir=in | app=c:\users\debbie\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{EC2DCEE2-3A94-429E-8AE5-EFBED0BA3986}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EF8F6650-6F2C-4628-9E2B-992E0F8B0A50}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdltime.exe |
"{F0E19A17-C5C2-4C53-AD93-9A3A32623609}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7500 series\lxdlmon.exe |
"{F2C9E7E0-37CF-4D1F-A7ED-CD42E55ABF47}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7500 series\frun.exe |
"{F49469D1-6FB9-4335-9EAC-009C736ACE26}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7500 series\frun.exe |
"{F9B0F3B6-B9F0-4477-A858-5EF57930E7B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FB78E015-F908-4A9B-A389-23DB95AB2B49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FD32F004-564A-4D52-8F82-F35C68227E63}" = protocol=6 | dir=out | app=system |
"TCP Query User{01DCBEE7-EE3A-4093-9B57-DCAC9EE5086E}C:\program files (x86)\lexmark 7500 series\lxdlmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7500 series\lxdlmon.exe |
"TCP Query User{4BF45BB5-D3CD-4245-BECD-761569F753A1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D44CE89D-2375-4B90-A202-19914181568E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F4B24FEF-A64E-4076-84F4-CD3373C8FADF}C:\program files (x86)\lexmark 7500 series\lxdlmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7500 series\lxdlmon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 7500 Series" = Lexmark 7500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PDF-XChange 3_is1" = PDF-XChange 3
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German
"{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English
"{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian
"{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean
"{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
"{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese
"{999164B6-5B78-4DD3-BACE-7292640AD0DD}" = HP QuickWeb
"{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common
"{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech
"{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard
"{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian
"{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
"{E56E5D38-5972-420A-9BAF-0F84471E0142}" = HP Documentation
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Cook'n for PC" = Cook'n for PC
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"Family Tree Heritage" = Family Tree Heritage
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MSC" = McAfee AntiVirus Plus
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-06cde2ac-2469-4ada-9a43-d9b81965c665" = Polar Bowler
"WTA-22771e1a-8127-47fa-a271-338fe836f738" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-28bd0c1a-3a96-4a2a-bc32-a3e0c23231d2" = Cradle of Rome 2
"WTA-2c509d94-6fd0-46ef-adfe-abc11e6b4ed2" = Cake Mania
"WTA-366f8fbd-469f-4a55-8a18-d20f29f9e052" = Governor of Poker 2 Premium Edition
"WTA-47c3f30d-731c-4525-880b-1e875e2da4dd" = Virtual Villagers 5 - New Believers
"WTA-516081b6-3544-4d96-9f92-e72b0692bd9d" = Namco All-Stars: PAC-MAN
"WTA-5ec4b3d2-2ab4-4c7a-9fd0-f3094358145c" = FATE
"WTA-65b7cb8a-07e2-4ba3-9a05-45f256f23784" = Mah Jong Medley
"WTA-76e02dce-eff3-42a3-8356-506d0bacbd68" = Chronicles of Albian
"WTA-930ab6d3-6df6-49ef-a8d2-5c079eeacb4b" = Poker Superstars III
"WTA-979cdfdd-f08e-4008-9226-abe0a7a35a68" = Mystery of Mortlake Mansion
"WTA-9873ba65-1883-4a98-a583-83769c3e4764" = Blackhawk Striker 2
"WTA-9a74ef16-3a61-4344-86f6-1cc026920c52" = Bounce Symphony
"WTA-9b95cee3-66a8-4146-81af-4570168e365a" = Blasterball 3
"WTA-9e5bdbe0-a62b-4b5e-bd86-4a39e729afab" = Polar Golfer
"WTA-bba6e119-0c04-4949-9190-eec6f9fe5527" = Slingo Supreme
"WTA-cc714479-2075-4bdc-9019-fe930cb67cc7" = Penguins!
"WTA-ce87aea7-03a5-4dd7-be0d-92092a508ef6" = Chuzzle Deluxe
"WTA-d82a4d19-a9ff-490f-9926-03aa6309468d" = Zuma Deluxe
"WTA-e801f3dc-ef37-4f90-9811-25a9c59af533" = Bejeweled 3
"WTA-e90abf46-91dd-48b8-b21b-5241204bc0e5" = Agatha Christie - Peril at End House
"WTA-ee9d2025-7d0c-42e6-895a-6e550b1e333c" = Plants vs. Zombies - Game of the Year
"WTA-f5c61b8f-f30d-44b5-a051-ba40ba06d055" = Farm Frenzy
"WTA-fbe07be8-240f-4b3b-856a-b3a5f2d16e3c" = Vacation Quest - The Hawaiian Islands

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2013 2:07:16 AM | Computer Name = Debbie-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,
time stamp: 0x50a2f9e3 Faulting module name: MSHTML.dll, version: 9.0.8112.16457,
time stamp: 0x50a30507 Exception code: 0xc0000005 Fault offset: 0x002cd376 Faulting
process id: 0xd5c Faulting application start time: 0x01cde6a4bf333cae Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: fb541412-5aeb-11e2-87a6-78e3b55ee53a

Error - 1/10/2013 10:07:36 AM | Computer Name = Debbie-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1470 Start
Time: 01cdeef8d886fcf5 Termination Time: 115 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 1/10/2013 10:51:09 AM | Computer Name = Debbie-HP | Source = WinMgmt | ID = 10
Description =

Error - 1/11/2013 3:44:11 PM | Computer Name = Debbie-HP | Source = WinMgmt | ID = 10
Description =

Error - 1/12/2013 11:30:45 PM | Computer Name = Debbie-HP | Source = Application Error | ID = 1000
Description = Faulting application name: lxdlcoms.exe, version: 1.0.2.0, time stamp:
0x464c9d04 Faulting module name: lxdlhbn3.dll, version: 1.0.2.0, time stamp: 0x464c9d06
Exception
code: 0xc0000005 Fault offset: 0x000000000006356e Faulting process id: 0x6cc Faulting
application start time: 0x01cdf033f9f21e2a Faulting application path: C:\Windows\system32\lxdlcoms.exe
Faulting
module path: C:\Windows\system32\lxdlhbn3.dll Report Id: 9cf11f3f-5d31-11e2-a416-78e3b55ee53a

Error - 1/17/2013 11:25:25 AM | Computer Name = Debbie-HP | Source = Google Update | ID = 20
Description =

Error - 1/17/2013 8:37:43 PM | Computer Name = Debbie-HP | Source = Google Update | ID = 20
Description =

Error - 1/19/2013 7:49:58 PM | Computer Name = Debbie-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2024 Start
Time: 01cdf69ac84a6ade Termination Time: 83 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 1/21/2013 10:13:39 AM | Computer Name = Debbie-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1fd4 Start
Time: 01cdf7dffe1cca9b Termination Time: 63 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 1/22/2013 2:42:48 AM | Computer Name = Debbie-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1b60 Start
Time: 01cdf77aa9b8a72d Termination Time: 202 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ Hewlett-Packard Events ]
Error - 8/2/2012 7:56:22 PM | Computer Name = Debbie-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/3/2012 11:15:04 AM | Computer Name = Debbie-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/3/2012 11:20:46 AM | Computer Name = Debbie-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/3/2012 11:21:06 AM | Computer Name = Debbie-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/3/2012 11:21:06 AM | Computer Name = Debbie-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/3/2012 11:21:28 AM | Computer Name = Debbie-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/8/2012 8:18:29 PM | Computer Name = Debbie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3692
Ram
Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


[ System Events ]
Error - 12/12/2012 10:06:40 AM | Computer Name = Debbie-HP | Source = DCOM | ID = 10010
Description =

Error - 12/12/2012 10:41:55 PM | Computer Name = Debbie-HP | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 12/12/2012 10:42:55 PM | Computer Name = Debbie-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Personal Firewall service,
but this action failed with the following error: %%1056

Error - 12/13/2012 7:18:05 PM | Computer Name = Debbie-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/14/2012 9:25:52 AM | Computer Name = Debbie-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/16/2012 10:40:24 AM | Computer Name = Debbie-HP | Source = DCOM | ID = 10010
Description =

Error - 12/16/2012 10:40:27 AM | Computer Name = Debbie-HP | Source = DCOM | ID = 10010
Description =

Error - 12/16/2012 10:44:43 AM | Computer Name = Debbie-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdlCATSCustConnectService
service to connect.

Error - 12/16/2012 10:44:43 AM | Computer Name = Debbie-HP | Source = Service Control Manager | ID = 7000
Description = The lxdlCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/16/2012 6:33:45 PM | Computer Name = Debbie-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NlaSvc service.


< End of report >
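A small triage script for the "Last 20 Event Log Errors" section of the OTL log above, added here as an example (not the thread's or OTL's own code): it parses the `Error - ... | Source = ... | ID = ...` headers, counts crashes per executable and flags Service Control Manager 7031/7032 entries that name a security product. The keyword watch-list is an assumption; the sample entries are copied from the log.

```python
# Triage the OTL "Last 20 Event Log Errors" section: crashes per executable and
# security-service terminations. Added example; not part of the thread or of OTL.
import re
from collections import Counter

# Event header as OTL prints it; wrapped description lines follow it.
HEADER = re.compile(r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>.+?)"
                    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
SCM_TERMINATION_IDS = {"7031", "7032"}   # service died / restart of it failed
SECURITY_KEYWORDS = ("mcafee", "firewall", "defender", "antivirus")  # constructed watch-list

def parse_events(text):
    """Return a list of dicts (when, host, source, id, description) in log order."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "description": ""})
        elif events and line and not line.startswith(("[", "<")):
            events[-1]["description"] = (events[-1]["description"] + " " + line).strip()
    for ev in events:
        ev["description"] = re.sub(r"^Description\s*=\s*", "", ev["description"])
    return events

def triage(events):
    """Return (list of (when, id) for flagged security-service events, crashes per exe)."""
    flagged, crashes = [], Counter()
    for ev in events:
        desc = ev["description"]
        if (ev["source"] == "Service Control Manager" and ev["id"] in SCM_TERMINATION_IDS
                and any(k in desc.lower() for k in SECURITY_KEYWORDS)):
            flagged.append((ev["when"], ev["id"]))
        if ev["source"] in ("Application Error", "Application Hang"):
            exe = re.search(r"(?:application name: |The program )(\S+?\.exe)", desc)
            if exe:
                crashes[exe.group(1)] += 1
    return flagged, crashes

# Sample input: entries copied from the OTL log posted above.
SAMPLE_LOG = """\
Error - 1/10/2013 2:07:16 AM | Computer Name = Debbie-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,
Error - 1/19/2013 7:49:58 PM | Computer Name = Debbie-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
[ System Events ]
Error - 12/12/2012 10:41:55 PM | Computer Name = Debbie-HP | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall service terminated unexpectedly. It
Error - 12/12/2012 10:42:55 PM | Computer Name = Debbie-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Personal Firewall service,
< End of report >
"""

if __name__ == "__main__":
    flagged, crashes = triage(parse_events(SAMPLE_LOG))
    print("security service events:", flagged, "| crashes:", dict(crashes))
```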

#10 djdaclwn

Posted 11 February 2013 - 11:25 PM

Aswmbr.txt


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-11 21:57:09
-----------------------------
21:57:09.621 OS Version: Windows x64 6.1.7601 Service Pack 1
21:57:09.621 Number of processors: 2 586 0x200
21:57:09.621 ComputerName: DEBBIE-HP UserName: Debbie
21:57:11.946 Initialize success
22:01:54.794 AVAST engine defs: 13021101
22:02:14.809 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
22:02:14.824 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 11
22:02:14.871 Disk 0 MBR read successfully
22:02:14.871 Disk 0 MBR scan
22:02:14.887 Disk 0 Windows XP default MBR code
22:02:14.902 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:02:14.934 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 591486 MB offset 409600
22:02:14.965 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14730 MB offset 1211772928
22:02:14.980 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 1241939968
22:02:15.027 Disk 0 scanning C:\Windows\system32\drivers
22:02:29.067 Service scanning
22:03:06.507 Modules scanning
22:03:06.523 Disk 0 trace - called modules:
22:03:06.570 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
22:03:06.570 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003d9e060]
22:03:06.585 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> [0xfffffa8003c1a040]
22:03:06.601 5 amd_xata.sys[fffff8800108ea1d] -> nt!IofCallDriver -> [0xfffffa8003c15560]
22:03:06.616 7 ACPI.sys[fffff88000f927a1] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa8003c16060]
22:03:08.847 AVAST engine scan C:\Windows
22:03:14.354 AVAST engine scan C:\Windows\system32
22:10:08.738 AVAST engine scan C:\Windows\system32\drivers
22:10:34.103 AVAST engine scan C:\Users\Debbie
22:13:39.806 AVAST engine scan C:\ProgramData
22:26:56.687 Scan finished successfully
22:44:54.907 Disk 0 MBR has been saved successfully to "C:\Users\Debbie\Desktop\MBR.dat"
22:44:54.923 The log file has been saved successfully to "C:\Users\Debbie\Desktop\aswMBR.txt"

#11 djdaclwn


Posted 12 February 2013 - 06:46 AM

Good morning ST,

I ran Microsoft Security scanner after all of this after bedtime and when I woke up it said it found Trojan:Win32/Sirefef!cfg. I do not know how there can be so much on this computer...the system is also popping up asking me if I want to debug this page over and over as well.

Thanks


Edited by djdaclwn, 12 February 2013 - 06:50 AM.


#12 SweetTech

Posted 12 February 2013 - 09:08 AM

Hi Debbie,

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:

2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:




OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^YY^us&si=101497&ptb=000EB6C1-8C7B-41C8-B854-D57C10262177&ind=2012111617&n=77ee6301&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^YY^us&si=101497&ptb=000EB6C1-8C7B-41C8-B854-D57C10262177&ind=2012111617&n=77ee6301&psa=&st=sb&searchfor={searchTerms}
    O3 - HKU\S-1-5-21-2291088986-3992219928-4107107958-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [lxdlamon] .EXE" File not found
    O4:64bit: - HKLM..\Run: [lxdlmon.exe] .EXE" File not found
    O33 - MountPoints2\{3a98d38f-0c73-11e1-8c92-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{3a98d38f-0c73-11e1-8c92-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Start.exe -- [2011/10/05 13:00:54 | 002,830,336 | R--- | M] (PC Treasures, Inc.)
    [2013/02/07 20:27:34 | 000,001,514 | ---- | M] () -- C:\Users\Debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
NEXT:



    Running ComboFix
    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



    Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 djdaclwn


Posted 12 February 2013 - 02:07 PM

Should I just get my favorites off of it and trash this computer?

#14 SweetTech

Posted 12 February 2013 - 04:32 PM

That is a decision that is completely up to you. If you have the Windows XP discs, you could grab your bookmarks off of this computer, and then reformat and re-install the operating system. Sometimes performing a reformat and re-install is the quickest and safest way to get your computer back to factory settings.

Let me know how you wish to proceed.

-ST.



#15 djdaclwn


Posted 12 February 2013 - 06:10 PM

Hi ST,
It is Win 7 that this is running and so far I cannot find any disks :/



