
Unknown Infection Help



SPC O'Donnell

Been having problems with my desktop almost since we got it. Not sure what we have or if we even have anything. If we are using the internet, through IE or Firefox, we'll get either random blue screens or the browser will crash. Ran Norton Internet Security and it picked up a virtumundo (I think) variant. Ran the fix on here ... did nothing.

Recently upgraded to Windows 7 Home Premium and still having the same problems. Thank you for your time.

Here is my OTL Log:
OTL logfile created on: 1/2/2010 2:59:08 PM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Users\Jackie\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.23% Memory free
4.00 Gb Paging File | 2.61 Gb Available in Paging File | 65.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.20 Gb Total Space | 215.91 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.55 Gb Free Space | 13.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ODONNELL
Current User Name: Jackie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/26 12:57:03 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jackie\Downloads\OTL.exe
PRC - [2009/11/15 22:44:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/11/13 09:17:26 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Jackie\Program Files (x86)\DNA\btdna.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/14 13:36:56 | 02,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 00,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/14 13:34:18 | 00,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/14 13:34:18 | 00,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/14 13:34:18 | 00,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/14 13:34:18 | 00,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/14 13:34:18 | 00,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/07/14 02:14:21 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
PRC - [2009/07/14 02:14:21 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
PRC - [2009/07/14 02:14:21 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/10/11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/11 08:45:52 | 00,031,232 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/06/12 03:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/06/12 03:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/06/12 03:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/06/12 03:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/09 00:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/30 16:19:54 | 00,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
PRC - [2007/04/30 16:19:54 | 00,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
PRC - [2007/04/18 16:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/18 16:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/18 16:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe


========== Modules (SafeList) ==========

MOD - [2009/11/26 12:57:03 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jackie\Downloads\OTL.exe
MOD - [2009/07/14 02:16:17 | 01,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/07/14 02:16:17 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009/07/14 02:16:15 | 00,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/07/14 02:16:15 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009/07/14 02:14:57 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/07/14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/07 01:47:10 | 00,191,000 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 02:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 02:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 02:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 02:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 02:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 02:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 02:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 02:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 02:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 02:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 02:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 02:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 02:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 02:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 02:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 02:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 02:39:56 | 01,525,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/14 02:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 02:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 02:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2007/09/07 19:16:16 | 01,909,032 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2007/05/25 17:42:22 | 00,034,224 | ---- | M] () -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV:64bit: - [2007/05/25 17:42:12 | 00,567,216 | ---- | M] ( ) -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
SRV - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/07/14 04:20:14 | 00,000,000 | ---D | M] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 04:20:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 02:39:09 | 00,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/14 02:39:09 | 00,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:30:11 | 00,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 22:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 21:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 21:30:59 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 21:30:45 | 00,856,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/03/15 02:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/10/11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/05/25 17:41:38 | 00,537,520 | ---- | M] ( ) -- C:\Windows\SysWow64\lxddcoms.exe -- (lxdd_device)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/26 15:02:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009/12/26 15:02:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/12/26 15:02:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/26 14:58:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/30 20:23:04 | 00,000,000 | ---D | M]

[2009/12/26 15:18:06 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Extensions
[2009/11/24 21:25:54 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/19 10:22:47 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/01/01 17:00:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\dftghkbn.default\extensions
[2009/12/26 15:18:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\dftghkbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/26 17:15:21 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/12/26 14:58:46 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/17 17:45:12 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/17 17:45:12 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/17 17:45:16 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/12/17 17:45:23 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/17 17:45:23 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/12/17 17:45:23 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/17 17:45:23 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/17 17:45:23 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/11/24 21:26:42 | 00,002,422 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml
[2009/12/17 17:45:23 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/17 17:45:23 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe ()
O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe (WildTangent, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Jackie\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyPoker\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyPoker\PartyPoker\RunApp.exe File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce....ads/sysinfo.cab (SysData Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 04:20:14 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 04:08:35 | 00,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/02 14:46:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/02 14:46:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/30 23:33:54 | 00,000,000 | ---D | C] -- C:\lexmark
[2009/12/27 03:05:38 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2009/12/27 03:05:38 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009/12/26 23:38:31 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/12/26 23:18:13 | 00,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2009/12/26 23:10:36 | 00,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2009/12/26 21:09:16 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/26 18:38:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
[2009/12/26 18:25:34 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Uniblue
[2009/12/26 18:25:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2009/12/26 17:53:37 | 00,327,704 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys
[2009/12/26 16:39:58 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Skype
[2009/12/26 16:39:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2009/12/26 16:39:20 | 00,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2009/12/26 15:56:02 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/12/26 14:50:51 | 00,000,000 | --SD | C] -- C:\Users\Jackie\AppData\Roaming\Microsoft
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Videos
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Saved Games
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Pictures
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Music
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Links
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Favorites
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Downloads
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Documents
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Desktop
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\AppData\Local\Temporary Internet Files
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Templates
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Start Menu
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\SendTo
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Recent
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\PrintHood
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\NetHood
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Documents\My Videos
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Documents\My Pictures
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Documents\My Music
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\My Documents
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Local Settings
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\AppData\Local\History
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Cookies
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Application Data
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\AppData\Local\Application Data
[2009/12/26 14:50:51 | 00,000,000 | -H-D | C] -- C:\Users\Jackie\AppData
[2009/12/26 14:50:51 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Local\Temp
[2009/12/26 14:50:51 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Local\Microsoft
[2009/12/26 14:50:51 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Media Center Programs
[2009/12/26 14:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2009/12/26 14:43:46 | 00,539,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2009/12/26 14:43:34 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2009/12/26 14:43:34 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/12/26 14:40:45 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/12/23 14:21:57 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Xenocode
[2008/07/21 19:08:02 | 00,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
[2008/07/21 19:08:02 | 00,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
[2008/07/21 19:08:02 | 00,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
[2008/07/21 19:08:01 | 01,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
[2008/07/21 19:08:01 | 00,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
[2008/07/21 19:08:01 | 00,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
[2008/07/21 19:08:01 | 00,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
[2008/07/21 19:08:01 | 00,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
[2008/07/21 19:08:01 | 00,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
[2008/07/21 19:08:01 | 00,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
[2008/07/21 19:08:01 | 00,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll

========== Files - Modified Within 14 Days ==========

[2010/01/02 15:01:10 | 03,145,728 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT
[2010/01/02 14:46:42 | 00,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/02 10:48:55 | 03,448,748 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Cat.DB
[2010/01/02 09:42:56 | 00,009,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 09:42:56 | 00,009,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 09:39:35 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/02 09:39:35 | 00,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/02 09:39:35 | 00,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/02 09:35:21 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/02 09:35:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/02 09:35:01 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/01/02 09:34:54 | 16,094,74048 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/02 01:10:17 | 01,022,352 | -H-- | M] () -- C:\Users\Jackie\AppData\Local\IconCache.db
[2010/01/01 17:55:23 | 32,302,2433 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/30 23:36:15 | 00,069,192 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/30 14:55:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/29 07:23:28 | 00,001,031 | ---- | M] () -- C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/12/29 00:45:51 | 00,524,288 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TMContainer00000000000000000002.regtrans-ms
[2009/12/29 00:45:51 | 00,524,288 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TMContainer00000000000000000001.regtrans-ms
[2009/12/29 00:45:51 | 00,065,536 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TM.blf
[2009/12/28 21:29:46 | 00,120,176 | ---- | M] () -- C:\Users\Jackie\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/28 20:05:58 | 00,000,690 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jackie.job
[2009/12/27 09:00:45 | 03,053,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/12/26 23:38:18 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/12/26 19:06:50 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/26 16:41:41 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/12/26 15:56:09 | 00,000,020 | -HS- | M] () -- C:\Users\Jackie\ntuser.ini
[2009/12/26 15:38:36 | 00,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2009/12/26 15:38:36 | 00,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2009/12/26 15:28:04 | 00,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2009/12/26 14:50:52 | 00,524,288 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/12/26 14:50:52 | 00,524,288 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/12/26 14:50:52 | 00,065,536 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/12/26 14:42:23 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/12/26 14:03:36 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 14:03:36 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 13:11:23 | 00,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/12/26 13:11:23 | 00,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/12/25 10:08:58 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

========== Files Created - No Company Name ==========

[2010/01/02 14:46:42 | 00,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/29 07:23:27 | 00,001,031 | ---- | C] () -- C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/12/28 21:29:46 | 00,120,176 | ---- | C] () -- C:\Users\Jackie\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/28 09:16:17 | 00,524,288 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 09:16:17 | 00,524,288 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 09:16:17 | 00,065,536 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TM.blf
[2009/12/26 19:06:50 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/26 17:53:37 | 00,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2009/12/26 17:15:56 | 01,022,352 | -H-- | C] () -- C:\Users\Jackie\AppData\Local\IconCache.db
[2009/12/26 16:41:41 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/26 15:56:09 | 00,000,020 | -HS- | C] () -- C:\Users\Jackie\ntuser.ini
[2009/12/26 15:52:44 | 16,094,74048 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/26 15:28:04 | 00,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2009/12/26 14:50:51 | 03,145,728 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT
[2009/12/26 14:50:51 | 00,524,288 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/12/26 14:50:51 | 00,524,288 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/12/26 14:50:51 | 00,065,536 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/12/26 14:44:47 | 00,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2009/12/26 14:43:28 | 00,009,504 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 14:43:28 | 00,009,504 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 14:42:23 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/12/26 12:40:38 | 00,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/12/26 12:40:38 | 00,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/12/25 10:08:58 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/23 14:21:57 | 00,000,006 | -HS- | C] () -- C:\Users\Jackie\AppData\Roaming\desktop.ini
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/20 11:03:48 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/14 06:32:39 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 06:32:39 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:39 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:39 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:54:24 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2009/07/14 03:35:42 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009/07/14 03:34:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/19 22:28:48 | 00,023,892 | ---- | C] () -- C:\Users\Jackie\AppData\Roaming\UserTile.png
[2008/12/10 19:22:42 | 00,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/07/21 19:08:02 | 00,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
[2008/07/21 19:08:02 | 00,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
[2008/07/12 01:45:25 | 00,002,354 | ---- | C] () -- C:\Users\Jackie\AppData\Roaming\wklnhst.dat
[2008/07/08 05:42:31 | 00,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/07/08 05:42:31 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2006/11/02 13:34:27 | 00,000,255 | ---- | C] () -- C:\Windows\win.ini
[1999/11/11 01:39:00 | 00,481,792 | ---- | C] () -- C:\Windows\SysWow64\RFFTW2dll.dll
[1997/11/10 15:18:48 | 00,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== LOP Check ==========

[2009/12/28 22:20:56 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Adobe
[2009/12/26 15:17:32 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Atari
[2009/12/26 15:17:38 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\BitTorrent
[2009/12/26 15:17:38 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\CyberLink
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\DAEMON Tools
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\DivX
[2010/01/02 14:56:00 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\DNA
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\DriverCure
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\funkitron
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Gamelab
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Google
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\hewlett-packard
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\HP TCS
[2009/12/26 22:24:03 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Identities
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\ImTOO Software Studio
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\IMVU Previewer
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\iWin
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Leadertech
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Legends of pirates
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Lexmark Productivity Studio
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\LimeWire
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Macromedia
[2009/12/26 15:17:55 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Media Center Programs
[2009/12/26 15:57:47 | 00,000,000 | --SD | M] -- C:\Users\Jackie\AppData\Roaming\Microsoft
[2009/12/26 15:18:06 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla
[2009/12/26 15:18:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\muvee Technologies
[2009/12/26 15:18:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Nokia
[2009/01/08 22:10:48 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Panasonic
[2009/12/26 15:18:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\PC Suite
[2009/04/19 22:28:48 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\PeerNetworking
[2009/12/26 15:18:09 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\PlayFirst
[2009/12/26 15:18:09 | 00,000,000 | RH-D | M] -- C:\Users\Jackie\AppData\Roaming\SecuROM
[2009/12/28 10:01:41 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Skype
[2009/12/28 09:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\skypePM
[2009/12/26 15:18:09 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Smith Micro
[2009/12/26 15:18:09 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Symantec
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Template
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Tific
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\U3
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\UClick
[2009/12/26 18:25:34 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Uniblue
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\WinBatch
[2008/07/15 09:00:23 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\WinRAR
[2010/01/02 09:35:27 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\WTablet
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Xenocode
[2009/12/26 15:18:11 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Yahoo!
[2009/12/28 20:05:58 | 00,000,690 | ---- | M] () -- C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Jackie.job
[2010/01/02 09:35:21 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 00,005,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 06:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 02:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
< End of report >

Also ran Mbytes but it only came up with adware registry keys. My wife also tried a registry cleaner with no success. Thanks again for your time.

#2
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

Sorry for the delay, can you post a fresh OTL log for me as it has been a few days?

#3
SPC O'Donnell

    Member

  • Topic Starter
  • Member
  • 55 posts
No problem. Here is the latest OTL scan:

OTL logfile created on: 1/8/2010 6:24:04 PM - Run 2
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Users\Jackie\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.19% Memory free
4.00 Gb Paging File | 2.64 Gb Available in Paging File | 66.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.20 Gb Total Space | 213.50 Gb Free Space | 47.01% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.55 Gb Free Space | 13.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ODONNELL
Current User Name: Jackie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/26 12:57:03 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jackie\Downloads\OTL.exe
PRC - [2009/11/15 22:44:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/11/13 09:17:26 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Jackie\Program Files (x86)\DNA\btdna.exe
PRC - [2009/11/13 09:17:26 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Jackie\Program Files (x86)\DNA\btdna.exe
PRC - [2009/11/10 15:39:26 | 05,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/11/10 15:39:26 | 05,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/11/10 15:39:26 | 05,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/11/03 01:24:58 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/11/03 01:24:58 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/11/03 01:24:58 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/14 13:36:56 | 02,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 00,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/07/14 02:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/14 02:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/14 02:14:21 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
PRC - [2009/07/14 02:14:21 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/10/11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/11 08:45:52 | 00,031,232 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/06/12 03:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/06/12 03:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/06/12 03:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/06/12 03:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/09 00:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/30 16:19:54 | 00,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
PRC - [2007/04/18 16:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe


========== Modules (SafeList) ==========

MOD - [2009/11/26 12:57:03 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\Jackie\Downloads\OTL.exe
MOD - [2009/07/14 02:16:17 | 01,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/07/14 02:16:17 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009/07/14 02:16:15 | 00,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/07/14 02:16:15 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009/07/14 02:14:57 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/07/14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/07 01:47:10 | 00,191,000 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 02:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 02:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 02:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 02:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 02:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 02:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 02:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 02:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 02:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 02:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 02:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 02:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 02:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 02:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 02:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 02:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 02:39:56 | 01,525,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/14 02:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 02:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 02:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2007/09/07 19:16:16 | 01,909,032 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2007/05/25 17:42:22 | 00,034,224 | ---- | M] () -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV:64bit: - [2007/05/25 17:42:12 | 00,567,216 | ---- | M] ( ) -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
SRV - [2009/10/20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/07/14 04:20:14 | 00,000,000 | ---D | M] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 04:20:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 02:39:09 | 00,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/14 02:39:09 | 00,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:30:11 | 00,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 22:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 21:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 21:30:59 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 21:30:45 | 00,856,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/03/17 13:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/03/15 02:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/10/11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/05/25 17:41:38 | 00,537,520 | ---- | M] ( ) -- C:\Windows\SysWow64\lxddcoms.exe -- (lxdd_device)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/26 15:02:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009/12/26 15:02:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/12/26 15:02:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/26 14:58:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/30 20:23:04 | 00,000,000 | ---D | M]

[2009/12/26 15:18:06 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Extensions
[2009/11/24 21:25:54 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/19 10:22:47 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/01/08 09:38:02 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\dftghkbn.default\extensions
[2009/12/26 15:18:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\dftghkbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/26 17:15:21 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/12/26 14:58:46 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/17 17:45:12 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/17 17:45:12 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/17 17:45:16 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/12/17 17:45:23 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/17 17:45:23 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/12/17 17:45:23 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/17 17:45:23 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/17 17:45:23 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/11/24 21:26:42 | 00,002,422 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml
[2009/12/17 17:45:23 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/17 17:45:23 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe ()
O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe (WildTangent, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Jackie\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyPoker\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyPoker\PartyPoker\RunApp.exe File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce....ads/sysinfo.cab (SysData Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 04:20:14 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 04:08:35 | 00,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/02 14:46:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/02 14:46:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/30 23:33:54 | 00,000,000 | ---D | C] -- C:\lexmark
[2009/12/27 03:05:38 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2009/12/27 03:05:38 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009/12/26 23:38:31 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/12/26 23:18:13 | 00,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2009/12/26 23:10:36 | 00,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2009/12/26 21:09:16 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/26 18:38:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
[2009/12/26 18:25:34 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Uniblue
[2009/12/26 18:25:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2009/12/26 17:53:37 | 00,327,704 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys
[2009/12/26 16:39:58 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Skype
[2009/12/26 16:39:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2009/12/26 16:39:20 | 00,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2009/12/26 15:56:02 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/12/26 14:50:51 | 00,000,000 | --SD | C] -- C:\Users\Jackie\AppData\Roaming\Microsoft
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Videos
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Saved Games
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Pictures
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Music
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Links
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Favorites
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Downloads
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Documents
[2009/12/26 14:50:51 | 00,000,000 | R--D | C] -- C:\Users\Jackie\Desktop
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\AppData\Local\Temporary Internet Files
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Templates
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Start Menu
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\SendTo
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Recent
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\PrintHood
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\NetHood
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Documents\My Videos
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Documents\My Pictures
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Documents\My Music
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\My Documents
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Local Settings
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\AppData\Local\History
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Cookies
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\Application Data
[2009/12/26 14:50:51 | 00,000,000 | -HSD | C] -- C:\Users\Jackie\AppData\Local\Application Data
[2009/12/26 14:50:51 | 00,000,000 | -H-D | C] -- C:\Users\Jackie\AppData
[2009/12/26 14:50:51 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Local\Temp
[2009/12/26 14:50:51 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Local\Microsoft
[2009/12/26 14:50:51 | 00,000,000 | ---D | C] -- C:\Users\Jackie\AppData\Roaming\Media Center Programs
[2009/12/26 14:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2009/12/26 14:43:46 | 00,539,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2009/12/26 14:43:34 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2009/12/26 14:43:34 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/12/26 14:40:45 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2008/07/21 19:08:02 | 00,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
[2008/07/21 19:08:02 | 00,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
[2008/07/21 19:08:02 | 00,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
[2008/07/21 19:08:01 | 01,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
[2008/07/21 19:08:01 | 00,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
[2008/07/21 19:08:01 | 00,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
[2008/07/21 19:08:01 | 00,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
[2008/07/21 19:08:01 | 00,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
[2008/07/21 19:08:01 | 00,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
[2008/07/21 19:08:01 | 00,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
[2008/07/21 19:08:01 | 00,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll

========== Files - Modified Within 14 Days ==========

[2010/01/08 18:25:22 | 03,145,728 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT
[2010/01/08 18:12:24 | 03,448,748 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Cat.DB
[2010/01/08 17:35:40 | 00,009,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/08 17:35:40 | 00,009,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/08 17:32:27 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/08 17:32:27 | 00,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/08 17:32:27 | 00,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/08 17:28:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/08 17:27:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/08 17:27:54 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/01/08 17:27:51 | 38,141,0913 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/08 17:27:49 | 16,094,74048 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 00:39:07 | 01,266,007 | -H-- | M] () -- C:\Users\Jackie\AppData\Local\IconCache.db
[2010/01/04 21:18:10 | 00,000,690 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jackie.job
[2009/12/30 23:36:15 | 00,069,192 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/30 14:55:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/29 07:23:28 | 00,001,031 | ---- | M] () -- C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/12/29 00:45:51 | 00,524,288 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TMContainer00000000000000000002.regtrans-ms
[2009/12/29 00:45:51 | 00,524,288 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TMContainer00000000000000000001.regtrans-ms
[2009/12/29 00:45:51 | 00,065,536 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TM.blf
[2009/12/28 21:29:46 | 00,120,176 | ---- | M] () -- C:\Users\Jackie\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/27 09:00:45 | 03,053,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/12/26 23:38:18 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/12/26 19:06:50 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/26 16:41:41 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/12/26 15:56:09 | 00,000,020 | -HS- | M] () -- C:\Users\Jackie\ntuser.ini
[2009/12/26 15:38:36 | 00,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2009/12/26 15:38:36 | 00,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2009/12/26 15:28:04 | 00,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2009/12/26 14:50:52 | 00,524,288 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/12/26 14:50:52 | 00,524,288 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/12/26 14:50:52 | 00,065,536 | -HS- | M] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/12/26 14:42:23 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/12/26 14:03:36 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 14:03:36 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 13:11:23 | 00,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/12/26 13:11:23 | 00,001,890 | ---- | M] () -- C:\Windows\diagerr.xml

========== Files Created - No Company Name ==========

[2009/12/29 07:23:27 | 00,001,031 | ---- | C] () -- C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/12/28 21:29:46 | 00,120,176 | ---- | C] () -- C:\Users\Jackie\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/28 09:16:17 | 00,524,288 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 09:16:17 | 00,524,288 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 09:16:17 | 00,065,536 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{2e161dba-f389-11de-9238-001fc6ec2939}.TM.blf
[2009/12/26 19:06:50 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/26 17:53:37 | 00,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2009/12/26 17:15:56 | 01,266,007 | -H-- | C] () -- C:\Users\Jackie\AppData\Local\IconCache.db
[2009/12/26 16:41:41 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/26 15:56:09 | 00,000,020 | -HS- | C] () -- C:\Users\Jackie\ntuser.ini
[2009/12/26 15:52:44 | 16,094,74048 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/26 15:28:04 | 00,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2009/12/26 14:50:51 | 03,145,728 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT
[2009/12/26 14:50:51 | 00,524,288 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/12/26 14:50:51 | 00,524,288 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/12/26 14:50:51 | 00,065,536 | -HS- | C] () -- C:\Users\Jackie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/12/26 14:44:47 | 00,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2009/12/26 14:43:28 | 00,009,504 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 14:43:28 | 00,009,504 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 14:42:23 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/12/26 12:40:38 | 00,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/12/26 12:40:38 | 00,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/12/23 14:21:57 | 00,000,006 | -HS- | C] () -- C:\Users\Jackie\AppData\Roaming\desktop.ini
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/20 11:03:48 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/14 06:32:39 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 06:32:39 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:39 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:39 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:54:24 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2009/07/14 03:35:42 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009/07/14 03:34:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/19 22:28:48 | 00,023,892 | ---- | C] () -- C:\Users\Jackie\AppData\Roaming\UserTile.png
[2008/12/10 19:22:42 | 00,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/07/21 19:08:02 | 00,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
[2008/07/21 19:08:02 | 00,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
[2008/07/12 01:45:25 | 00,002,354 | ---- | C] () -- C:\Users\Jackie\AppData\Roaming\wklnhst.dat
[2008/07/08 05:42:31 | 00,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/07/08 05:42:31 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2006/11/02 13:34:27 | 00,000,255 | ---- | C] () -- C:\Windows\win.ini
[1999/11/11 01:39:00 | 00,481,792 | ---- | C] () -- C:\Windows\SysWow64\RFFTW2dll.dll
[1997/11/10 15:18:48 | 00,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== LOP Check ==========

[2009/12/28 22:20:56 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Adobe
[2009/12/26 15:17:32 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Atari
[2010/01/06 15:11:58 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\BitTorrent
[2009/12/26 15:17:38 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\CyberLink
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\DAEMON Tools
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\DivX
[2010/01/08 18:28:15 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\DNA
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\DriverCure
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\funkitron
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Gamelab
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Google
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\hewlett-packard
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\HP TCS
[2009/12/26 22:24:03 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Identities
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\ImTOO Software Studio
[2009/12/26 15:17:39 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\IMVU Previewer
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\iWin
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Leadertech
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Legends of pirates
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Lexmark Productivity Studio
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\LimeWire
[2009/12/26 15:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Macromedia
[2009/12/26 15:17:55 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Media Center Programs
[2009/12/26 15:57:47 | 00,000,000 | --SD | M] -- C:\Users\Jackie\AppData\Roaming\Microsoft
[2009/12/26 15:18:06 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Mozilla
[2009/12/26 15:18:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\muvee Technologies
[2009/12/26 15:18:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Nokia
[2009/01/08 22:10:48 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Panasonic
[2009/12/26 15:18:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\PC Suite
[2009/04/19 22:28:48 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\PeerNetworking
[2009/12/26 15:18:09 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\PlayFirst
[2009/12/26 15:18:09 | 00,000,000 | RH-D | M] -- C:\Users\Jackie\AppData\Roaming\SecuROM
[2010/01/03 16:32:33 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Skype
[2010/01/03 16:17:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\skypePM
[2009/12/26 15:18:09 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Smith Micro
[2009/12/26 15:18:09 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Symantec
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Template
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Tific
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\U3
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\UClick
[2009/12/26 18:25:34 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Uniblue
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\WinBatch
[2008/07/15 09:00:23 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\WinRAR
[2010/01/08 17:28:08 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\WTablet
[2009/12/26 15:18:10 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Xenocode
[2009/12/26 15:18:11 | 00,000,000 | ---D | M] -- C:\Users\Jackie\AppData\Roaming\Yahoo!
[2010/01/04 21:18:10 | 00,000,690 | ---- | M] () -- C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Jackie.job
[2010/01/08 17:28:01 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 00,009,358 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 06:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 02:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 00,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009/07/14 02:15:13 | 00,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

Thank you for your help.
  • 0
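The "MD5 for:" custom scan in the log above lists every copy of a few commonly patched system files so their hashes can be compared. As an added example (not part of the original post and not OTL's own code), the Python below parses those entries and flags a file name only when copies of the same architecture disagree. Inferring the architecture from the path is an assumption made here, and the third ATAPI.SYS line is constructed with a placeholder hash to show a mismatch.

```python
import re
from collections import defaultdict

# Entry format of OTL's "MD5 for:" custom scan, as seen in the log above:
# [date time | size | attrs | C/M] (company) MD5=<hex> -- <path>
ENTRY = re.compile(
    r"^\[(?P<when>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Sample input. The ATAPI.SYS and CNGAUDIT.DLL lines are copied from the log
# above; the SysNative\drivers line is CONSTRUCTED (placeholder hash of zeros).
SAMPLE = r"""
< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2010/01/01 00:00:00 | 00,024,128 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\drivers\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
"""


def parse_entries(log_text):
    """Yield one dict per hashed file entry; headers and other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].upper()
        yield e


def infer_arch(path):
    """Guess the build architecture from the path (heuristic, an assumption)."""
    p = path.lower()
    # amd64 markers are checked first: a DriverStore path can sit under
    # SysWow64 in the log and still name an amd64 driver package.
    if "_amd64_" in p or "\\amd64_" in p or "\\sysnative\\" in p:
        return "amd64"
    if "\\x86_" in p or "\\wow64_" in p or "\\syswow64\\" in p:
        return "x86"
    return "unknown"


def group_hashes(entries, by_arch=True):
    """Map (name[, arch]) -> {md5: set of paths carrying that hash}."""
    groups = defaultdict(lambda: defaultdict(set))
    for e in entries:
        key = (e["name"], infer_arch(e["path"])) if by_arch else (e["name"],)
        groups[key][e["md5"]].add(e["path"])
    return groups


def find_mismatches(log_text, by_arch=True):
    """Return groups whose copies carry more than one distinct MD5."""
    groups = group_hashes(parse_entries(log_text), by_arch)
    return {key: sorted(hashes) for key, hashes in groups.items() if len(hashes) > 1}


if __name__ == "__main__":
    for key, hashes in find_mismatches(SAMPLE).items():
        print("mismatch", key, hashes)
    # Grouping by name alone also flags cngaudit.dll, whose 32-bit and 64-bit
    # builds legitimately differ in size and hash.
    print("name-only grouping flags:", sorted(find_mismatches(SAMPLE, by_arch=False)))
```

A flagged group is only a prompt to verify the file against a known-good copy; MD5 agreement between copies on the same machine does not prove the file is genuine.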

#4
chamber


    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
I'm not seeing much in there. Also, the fact that you changed operating systems and the problem still persists would suggest more of a hardware problem.

I would also avoid registry cleaners like the plague. They are one of the biggest cons out there and will actually cause more problems than they are worth.

We will run a couple more scans and see what may be lurking.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

  • 0

#5
SPC O'Donnell

    Member

  • Topic Starter
  • 55 posts
I was unable to perform the online scan because it would stop about 10% in and not give a report. I have tried multiple times over the past days. Anything else you'd like me to try?
  • 0

#6
chamber


    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Try this,

Please download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.


  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize, click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then ok. Choose OK again to go back to the main screen.

  • Click on Scan at the top right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it as Kas to the desktop
  • Post only the detected Virus\malware in the report, it will be at the very top under Detected

Note: This tool will self uninstall when you close it so please remember to save the log before closing it.


  • 0

#7
SPC O'Donnell

    Member

  • Topic Starter
  • 55 posts
Here is the report from the AVP Tool:

Autoscan: completed 3 minutes ago (events: 5, objects: 393651, time: 01:53:37)
1/11/2010 9:25:35 AM Task started
1/11/2010 10:00:15 AM Detected: HEUR:Trojan.Win32.Generic C:\Program Files (x86)\DNA\btdna.exe
1/11/2010 10:00:15 AM Untreated: HEUR:Trojan.Win32.Generic C:\Program Files (x86)\DNA\btdna.exe Postponed
1/11/2010 11:18:16 AM Detected: HEUR:Trojan.Win32.Generic C:\Program Files (x86)\DNA\btdna.exe
1/11/2010 11:19:12 AM Task completed

Anything else you need me to do?
  • 0

#8
chamber


    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Nothing in there then.

I do not think that the problem is malware related.

I would create a new thread HERE and explain your problem. Let them know that you have been through this process and I have said that you are clean. Provide a link to this thread.

Let's clean up the tools we used then.

Clean up

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, FIREFOX and OPERA; both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

You should have a good anti spyware program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

Winpatrol - Download and install the free version of Winpatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Spring Cleaning

TFC - Temp File Cleaner by OldTimer - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place
  • 0

#9
SPC O'Donnell

    Member

  • Topic Starter
  • 55 posts
Thank you for your help. I'll follow your advice and post my situation in the other thread. Thanks again for your assistance.
  • 0

#10
chamber


    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Ok,

If you would please post back the location of the new thread into this post I will try and get it answered for you.
  • 0

#11
SPC O'Donnell

    Member

  • Topic Starter
  • 55 posts
Thanks again, chamber.

Here is the link for my new thread: http://www.geekstogo...on-t264796.html
  • 0

#12
chamber


    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Have asked for assistance for you.
  • 0





