Cannot remove Facemoods from Computer



#1
#1MIfan

I am so ticked! One of my stepson's sons has downloaded this program called Facemoods. It is a FF add-on that lets the user use emoticons when they are chatting on Facebook. Ever since it has been downloaded, whenever I type an address into the address bar, it starts an enhanced search by Facemoods.com. Also, whenever I open a new tab in FF, Facemoods is the start page. This still persists even though I have uninstalled it from the list of FF add-ons, and uninstalled Facemoods from the list of programs running on my computer. I scanned with both HJT and OTL to see if it was still on the machine, and there are two HJT entries related to Facemoods, while OTL did not pick anything up. I don't know if this is tied to any malware or not, but I would think that something that is still on a machine despite many attempts to remove it is any good. I know that we do not use HJT this, but I posted the log so that you can get a look at the entry, along with an OTL log. Thank you.




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:30:59 PM, on 5/3/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Cyberlink\PlayMovie\PMVService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [PCMAgent] "c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "c:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE /FU "C:\Windows\TEMP\E_S4625.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON NX300 Series (Copy 2)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE /FU "C:\Windows\TEMP\E_SF4BA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON NX300 Series (Copy 3)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE /FU "C:\Windows\TEMP\E_S16EA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON NX300 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE /FU "C:\Windows\TEMP\E_S2C38.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sprint Con App Svc (CASprint) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10586 bytes





OTL logfile created on: 5/3/2010 7:46:41 PM - Run 4
OTL by OldTimer - Version 3.1.28.0 Folder = c:\Users\Jamie\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.32 Gb Total Space | 155.62 Gb Free Space | 70.00% Space Free | Partition Type: NTFS
Drive D: | 10.56 Gb Total Space | 1.43 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMIE-PC
Current User Name: Jamie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/21 08:57:38 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 08:57:35 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/03 19:14:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/02 08:58:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
PRC - [2010/03/12 10:50:44 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 10:50:42 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 10:50:13 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/12 10:50:13 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/18 02:54:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- c:\Users\Jamie\Downloads\OTL.exe
PRC - [2010/02/15 19:07:02 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\iTunesHelper.exe
PRC - [2010/02/15 19:06:48 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/28 18:27:39 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/01/28 18:27:36 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/10 17:04:50 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/08/28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/21 03:22:44 | 000,408,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/08/05 12:27:00 | 001,644,088 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2009/03/17 14:25:40 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 08:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/09/23 07:50:54 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/09/23 07:50:50 | 000,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/09/23 07:50:42 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/09/15 14:34:46 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/15 14:34:38 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe
PRC - [2008/09/04 04:34:46 | 000,403,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2008/08/29 21:15:38 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PlayMovie\PMVService.exe
PRC - [2008/08/25 04:57:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/01/20 19:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 19:34:48 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 19:32:59 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/05/08 17:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/12 10:50:44 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/02/28 11:19:21 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010/02/18 02:54:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- c:\Users\Jamie\Downloads\OTL.exe
MOD - [2008/01/20 19:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/12 10:50:42 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/12 10:50:13 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/15 19:06:48 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/28 18:27:39 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/10 17:04:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/09/10 17:04:00 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2009/08/28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/24 05:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/17 14:25:40 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 08:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/04 04:34:46 | 000,403,968 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService)
SRV - [2008/05/05 15:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 08:57:35 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 10:50:44 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 10:50:13 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/28 11:19:18 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/28 18:27:41 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/01/28 18:27:41 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/09/10 16:48:30 | 000,171,400 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/09/10 16:48:30 | 000,142,848 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/09/10 16:48:30 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/09/10 16:48:24 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/09/10 16:48:18 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/09/10 16:46:46 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/08/28 20:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/09/24 10:31:06 | 002,171,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 05:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 05:47:18 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/09/10 05:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/09 17:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/09/04 04:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/09/02 06:17:10 | 002,472,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/08/06 09:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/20 19:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/19 07:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cndt
IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.comcast.net"
FF - prefs.js..extensions.enabledItems: {405e2f6c-b9b8-4515-a69c-e375d7156c86}:0.1.5
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.105
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..keyword.URL: "http://start.facemoo...=5&a=fbpage&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 19:14:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/02 09:37:55 | 000,000,000 | ---D | M]

[2010/03/03 21:48:44 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions
[2010/03/03 21:48:44 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/05/03 19:04:29 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions
[2010/01/29 01:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2010/02/26 21:00:30 | 000,000,000 | ---D | M] () -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/01/28 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{405e2f6c-b9b8-4515-a69c-e375d7156c86}
[2010/04/30 20:42:15 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\[email protected]
[2010/05/03 15:58:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/03/10 08:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Value error. File not found
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Games Bar 1 Toolbar) - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Games Bar 1 Toolbar) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - C:\Program Files\Games_Bar_1\tbGame.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMAgent] c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] c:\Program Files\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON NX300 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON NX300 Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON NX300 Series (Copy 2)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON NX300 Series (Copy 3)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{43dc7cba-163f-11df-b7a6-92862646bca0}\Shell - "" = AutoRun
O33 - MountPoints2\{43dc7cba-163f-11df-b7a6-92862646bca0}\Shell\AutoRun\command - "" = J:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/03 16:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/28 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\AV7
[2010/04/22 09:48:35 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Adobe
[2010/04/20 22:18:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\tim
[2010/04/18 15:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/04/16 14:01:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Apple
[2010/04/13 19:34:36 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/13 19:34:34 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/13 19:33:26 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/13 19:31:59 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/06 12:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/04/06 12:05:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/06 12:05:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/06 12:05:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2010/05/03 19:51:15 | 002,621,440 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT
[2010/05/03 19:51:15 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CA1D260A-E7F3-4440-ABC6-CFE6F2252E6D}.job
[2010/05/03 19:50:15 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2010/05/03 19:45:42 | 000,000,162 | -H-- | M] () -- C:\Users\Jamie\Documents\~$am so ticked.docx
[2010/05/03 19:42:44 | 000,002,523 | ---- | M] () -- C:\Users\Jamie\Desktop\HiJackThis.lnk
[2010/05/03 19:35:29 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/03 19:35:29 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/03 19:35:29 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/03 19:32:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/03 19:32:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/03 19:30:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/03 19:30:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/03 19:30:21 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 19:28:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/05/03 19:28:59 | 000,065,536 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/05/03 19:28:29 | 002,055,231 | -H-- | M] () -- C:\Users\Jamie\AppData\Local\IconCache.db
[2010/05/03 19:27:20 | 000,010,549 | ---- | M] () -- C:\Users\Jamie\Documents\I am so ticked.docx
[2010/05/03 18:15:26 | 059,541,867 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/03 15:50:53 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/05/02 09:38:00 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/28 16:13:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJamie.job
[2010/04/27 13:38:10 | 000,012,196 | ---- | M] () -- C:\Users\Jamie\Documents\The thing that struck me the most with this class is that we had read two accounts of American history by authors that had opposing views on them.docx
[2010/04/27 13:33:02 | 000,635,992 | ---- | M] () -- C:\Users\Jamie\Documents\Malware 101.pptx
[2010/04/23 09:47:45 | 000,011,392 | ---- | M] () -- C:\Users\Jamie\Documents\Jamie Cooks sociologty 380 question 1.docx
[2010/04/22 17:35:42 | 000,011,891 | ---- | M] () -- C:\Users\Jamie\Documents\Jamie Cooks sociology 380 final question 6.docx
[2010/04/21 20:11:34 | 000,080,544 | ---- | M] () -- C:\Users\Jamie\Documents\soicioligy.xps
[2010/04/21 20:11:29 | 000,083,168 | ---- | M] () -- C:\Users\Jamie\Documents\sociology.xps
[2010/04/21 20:10:31 | 000,082,759 | ---- | M] () -- C:\Users\Jamie\Documents\soiciology.xps
[2010/04/21 20:09:55 | 000,080,260 | ---- | M] () -- C:\Users\Jamie\Documents\sociaology.xps
[2010/04/21 08:57:35 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/21 00:41:55 | 001,482,752 | ---- | M] () -- C:\Users\Jamie\Documents\Care4Pets.accdb
[2010/04/20 22:19:22 | 000,266,850 | ---- | M] () -- C:\Users\Jamie\Documents\myspace message.xps
[2010/04/20 22:19:22 | 000,266,834 | ---- | M] () -- C:\Users\Jamie\Documents\tim.xps
[2010/04/19 20:47:03 | 000,017,408 | ---- | M] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 15:17:16 | 000,720,896 | ---- | M] () -- C:\Users\Jamie\Documents\Cooks_JSP1-2.accdb
[2010/04/19 13:37:39 | 000,438,272 | ---- | M] () -- C:\Users\Jamie\Documents\Database1.accdb
[2010/04/14 01:04:19 | 000,011,581 | ---- | M] () -- C:\Users\Jamie\Documents\Why Can.docx
[2010/04/06 12:06:44 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite Online Backup Setup.lnk
[2010/04/06 12:05:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/04/06 12:05:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/06 12:05:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/06 12:05:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/06 12:00:59 | 017,644,184 | ---- | M] () -- C:\Users\Jamie\Documents\Unfiled Notes.one

========== Files Created - No Company Name ==========

[2010/05/03 19:45:42 | 000,000,162 | -H-- | C] () -- C:\Users\Jamie\Documents\~$am so ticked.docx
[2010/05/03 19:41:58 | 000,002,523 | ---- | C] () -- C:\Users\Jamie\Desktop\HiJackThis.lnk
[2010/05/03 19:27:18 | 000,010,549 | ---- | C] () -- C:\Users\Jamie\Documents\I am so ticked.docx
[2010/04/27 12:21:14 | 000,012,196 | ---- | C] () -- C:\Users\Jamie\Documents\The thing that struck me the most with this class is that we had read two accounts of American history by authors that had opposing views on them.docx
[2010/04/23 09:47:44 | 000,011,392 | ---- | C] () -- C:\Users\Jamie\Documents\Jamie Cooks sociologty 380 question 1.docx
[2010/04/22 19:51:10 | 000,635,992 | ---- | C] () -- C:\Users\Jamie\Documents\Malware 101.pptx
[2010/04/22 17:35:40 | 000,011,891 | ---- | C] () -- C:\Users\Jamie\Documents\Jamie Cooks sociology 380 final question 6.docx
[2010/04/21 20:11:34 | 000,080,544 | ---- | C] () -- C:\Users\Jamie\Documents\soicioligy.xps
[2010/04/21 20:11:28 | 000,083,168 | ---- | C] () -- C:\Users\Jamie\Documents\sociology.xps
[2010/04/21 20:10:30 | 000,082,759 | ---- | C] () -- C:\Users\Jamie\Documents\soiciology.xps
[2010/04/21 20:09:54 | 000,080,260 | ---- | C] () -- C:\Users\Jamie\Documents\sociaology.xps
[2010/04/20 22:19:18 | 000,266,850 | ---- | C] () -- C:\Users\Jamie\Documents\myspace message.xps
[2010/04/20 22:19:17 | 000,266,834 | ---- | C] () -- C:\Users\Jamie\Documents\tim.xps
[2010/04/19 13:40:35 | 001,482,752 | ---- | C] () -- C:\Users\Jamie\Documents\Care4Pets.accdb
[2010/04/18 22:44:31 | 000,438,272 | ---- | C] () -- C:\Users\Jamie\Documents\Database1.accdb
[2010/04/14 00:23:51 | 000,011,581 | ---- | C] () -- C:\Users\Jamie\Documents\Why Can.docx
[2010/04/06 15:34:05 | 000,720,896 | ---- | C] () -- C:\Users\Jamie\Documents\Cooks_JSP1-2.accdb
[2010/04/06 12:06:44 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite Online Backup Setup.lnk
[2010/04/06 12:00:55 | 017,644,184 | ---- | C] () -- C:\Users\Jamie\Documents\Unfiled Notes.one
[2010/02/03 12:42:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/02/03 12:32:50 | 000,000,044 | ---- | C] () -- C:\Windows\EPSNX300.ini
[2010/01/31 22:44:00 | 000,017,408 | ---- | C] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/28 18:35:06 | 000,000,680 | ---- | C] () -- C:\Users\Jamie\AppData\Local\d3d9caps.dat
[2010/01/28 18:31:58 | 000,000,120 | ---- | C] () -- C:\Windows\CIS_Setup_3.13.125662.579_XP_Vista_x32.INI
[2009/09/10 16:48:30 | 000,028,288 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/11/22 18:45:59 | 000,000,108 | ---- | C] () -- C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
[2008/11/22 18:29:24 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/22 18:29:24 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/11/22 18:18:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1554.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >
  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************
:OTL
IE - HKCU\..\URLSearchHook: *{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..extensions.enabledItems: {405e2f6c-b9b8-4515-a69c-e375d7156c86}:0.1.5
FF - prefs.js..keyword.URL: "http://start.facemoo...=5&a=fbpage&q="
2010/01/28 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{405e2f6c-b9b8-4515-a69c-e375d7156c86}
[2010/03/10 08:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O33 - MountPoints2\{43dc7cba-163f-11df-b7a6-92862646bca0}\Shell - "" = AutoRun
O33 - MountPoints2\{43dc7cba-163f-11df-b7a6-92862646bca0}\Shell\AutoRun\command - "" = J:\WIN\setup.exe -- File not found


:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Reboot now, please :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron
  • 0
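
As a companion to the fix script in the reply above (an added example, not part of the thread and not OTL's own logic): a small Python triage pass over OTL log lines that surfaces the kinds of entries the script targets, such as registry entries whose target is missing, the Firefox `keyword.URL` override and the extra search plugin. The rule set and tag names are assumptions made for illustration, and the result is a review list for a human, not a removal list.

```python
import re

# Excerpt of the OTL log posted earlier in this thread. Lines are copied as
# they appear on the page, including the forum's "..." URL truncation.
SAMPLE_LOG = r'''
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: *{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..browser.startup.homepage: "www.comcast.net"
FF - prefs.js..keyword.URL: "http://start.facemoo...=5&a=fbpage&q="
[2010/03/10 08:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O33 - MountPoints2\{43dc7cba-163f-11df-b7a6-92862646bca0}\Shell\AutoRun\command - "" = J:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
'''

# Illustrative rules (assumptions, not OTL behaviour). Each is (tag, regex).
RULES = [
    # Browser and AutoRun registry entries that point at nothing. Limited to
    # these prefixes on purpose: the O34 BootExecute line also says
    # "File not found" but is a normal entry and must not be flagged.
    ("orphaned-registry-entry", re.compile(
        r'^(?:IE - .*URLSearchHook|O2 - BHO|O3 - |O33 - )'
        r'.*(?:File not found|No CLSID value found)')),
    # A proxy may be legitimate; it is listed so someone confirms it.
    ("proxy-enabled", re.compile(r'"ProxyEnable" = 1\s*$')),
    # keyword.URL set in prefs.js decides where address-bar searches go,
    # which is the symptom described in the first post.
    ("ff-keyword-url-override", re.compile(
        r'^FF - prefs\.js\.\.keyword\.URL: "[^"]*"')),
    # Assumption: any file OTL lists under searchplugins deserves a look.
    ("extra-searchplugin", re.compile(
        r'\] \(\) -- .*\\searchplugins\\[^\\]+\.xml$', re.IGNORECASE)),
]

GUID_RE = re.compile(
    r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


def triage(log_text):
    """Return (tag, guid_or_None, line) for every log line a rule matches."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for tag, pattern in RULES:
            if pattern.search(line):
                guid = GUID_RE.search(line)
                # Lower-case the GUID so the same CLSID can be cross-referenced
                # between HKLM and HKCU entries regardless of case.
                findings.append(
                    (tag, guid.group(0).lower() if guid else None, line))
                break  # one tag per line is enough for a review list
    return findings


def summarize(findings):
    """Count findings per tag."""
    counts = {}
    for tag, _guid, _line in findings:
        counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    for tag, guid, line in triage(SAMPLE_LOG):
        print(f"{tag:26} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```
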

#3
#1MIfan

    Member

  • Topic Starter
  • Member
  • 133 posts
Hello, and thanx for responding! Here are my logs.


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: {405e2f6c-b9b8-4515-a69c-e375d7156c86}:0.1.5 removed from extensions.enabledItems
Prefs.js: "http://start.facemoo...=5&a=fbpage&q=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43dc7cba-163f-11df-b7a6-92862646bca0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43dc7cba-163f-11df-b7a6-92862646bca0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43dc7cba-163f-11df-b7a6-92862646bca0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43dc7cba-163f-11df-b7a6-92862646bca0}\ not found.
File J:\WIN\setup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jamie
->Temp folder emptied: 36038938 bytes
->Temporary Internet Files folder emptied: 401276086 bytes
->Java cache emptied: 13368723 bytes
->FireFox cache emptied: 45226416 bytes
->Flash cache emptied: 287509 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 927608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 474.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05062010_230222



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4073

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

5/7/2010 2:08:53 AM
mbam-log-2010-05-07 (02-08-53).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 257979
Time elapsed: 1 hour(s), 54 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ComboFix 10-05-06.01 - Jamie 05/06/2010 23:50:34.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.892 [GMT -7:00]
Running from: c:\users\Jamie\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AV7
c:\program files\AV7\antivirus7.exe.tmp1
c:\program files\AV7\antivirus7.exe.tmp2
c:\program files\AV7\antivirus7.exe.tmp3
c:\program files\AV7\antivirus7.exe.tmp4

.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 07:02 . 2010-05-07 07:02 -------- d-----w- c:\users\Jamie\AppData\Local\temp
2010-05-07 07:02 . 2010-05-07 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-07 06:02 . 2010-05-07 06:02 -------- d-----w- C:\_OTL
2010-05-07 05:57 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-07 05:53 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 05:53 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 03:26 . 2010-05-04 03:26 388096 ----a-r- c:\users\Jamie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-03 23:42 . 2010-05-03 23:42 -------- d-----w- c:\program files\Trend Micro
2010-04-22 16:48 . 2010-04-22 16:48 -------- d-----w- c:\users\Jamie\AppData\Local\Adobe
2010-04-21 15:57 . 2010-04-21 15:57 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-21 15:56 . 2010-04-21 15:56 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-18 22:47 . 2010-04-18 22:47 -------- d-----w- c:\program files\NOS
2010-04-16 21:01 . 2010-04-16 21:01 -------- d-----w- c:\users\Jamie\AppData\Local\Apple
2010-04-15 20:01 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 02:34 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 02:34 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 02:34 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 02:34 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 02:34 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 02:34 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 02:34 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 02:34 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 02:33 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 02:23 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-09 16:06 . 2010-04-09 16:06 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 05:57 . 2008-11-23 01:57 -------- d-----w- c:\program files\Java
2010-05-07 05:53 . 2010-01-30 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 15:57 . 2010-01-29 00:25 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-18 22:47 . 2010-02-12 20:54 -------- d-----w- c:\programdata\NOS
2010-04-17 06:44 . 2010-01-29 01:23 -------- d-----w- c:\program files\SpywareBlaster
2010-04-14 10:08 . 2010-01-29 03:22 -------- d-----w- c:\programdata\Microsoft Help
2010-04-06 19:06 . 2010-04-06 19:06 -------- d-----w- c:\program files\Carbonite
2010-04-01 02:52 . 2010-04-01 02:52 -------- d-----w- c:\program files\Coupons
2010-03-31 22:32 . 2010-01-29 00:12 111744 ----a-w- c:\users\Jamie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-31 21:33 . 2010-01-29 06:51 -------- d-----w- c:\users\Jamie\AppData\Roaming\GetRightToGo
2010-03-14 18:31 . 2010-03-14 18:29 -------- d-----w- c:\users\Jamie\AppData\Roaming\EPSON
2010-03-13 00:59 . 2008-11-23 01:57 -------- d-----w- c:\program files\Common Files\Java
2010-03-12 17:50 . 2010-03-12 17:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 17:50 . 2010-01-29 00:25 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 17:50 . 2010-01-29 00:25 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-07 18:04 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-28 18:19 . 2010-01-29 01:27 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-28 18:19 . 2010-01-29 01:27 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-23 22:41 . 2010-02-27 04:00 151352 ----a-w- c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
2010-02-23 06:39 . 2010-04-01 02:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-01 02:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-01 02:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-01 02:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-17 01:49 . 2010-02-17 01:49 449536 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
2010-02-17 01:49 . 2010-02-17 01:49 389120 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
2010-02-16 02:41 . 2010-02-16 02:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-16 02:07 . 2010-02-16 02:07 294688 ----a-w- C:\iTunesOutlookAddIn.dll
2010-02-16 02:07 . 2010-02-16 02:07 292648 ----a-w- C:\iTunesPhotoProcessor.exe
2010-02-16 02:07 . 2010-02-16 02:07 384808 ----a-w- C:\iTunesAdmin.dll
2010-02-16 02:07 . 2010-02-16 02:07 211232 ----a-w- C:\iTunesHelper.dll
2010-02-16 02:07 . 2010-02-16 02:07 141608 ----a-w- C:\iTunesHelper.exe
2010-02-16 02:07 . 2010-02-16 02:07 124200 ----a-w- C:\iTunesMiniPlayer.dll
2010-02-16 02:06 . 2010-02-16 02:06 10358056 ----a-w- C:\iTunes.exe
2010-02-16 02:06 . 2010-02-16 02:06 15967016 ----a-w- C:\iTunes.dll
2010-02-16 02:06 . 2010-02-16 02:06 722160 ----a-w- C:\CDDBControlApple.dll
2010-02-16 02:06 . 2010-02-16 02:06 648480 ----a-w- C:\iPodUpdaterExt.dll
2010-02-12 20:55 . 2010-02-12 20:55 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-11 06:50 . 2010-01-29 00:14 12160056 ----a-w- c:\users\Jamie\AppData\Roaming\PictureMover\Bin\Core.dll
2010-02-11 06:50 . 2010-01-29 00:14 1699384 ----a-w- c:\users\Jamie\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2008-11-23 01:18 . 2008-11-23 01:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
2009-12-31 19:53 2349080 ----a-w- c:\program files\Games_Bar_1\tbGame.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}"= "c:\program files\Games_Bar_1\tbGame.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-23 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-23 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-23 154136]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-09-15 143360]
"CLMLServer"="c:\program files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-09-15 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-08-30 172032]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-29 1800464]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-09-11 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-09-11 316736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="C:\iTunesHelper.exe" [2010-02-16 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]

c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-09-11 124224]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-28 130960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-01-29 29520]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-28 c:\windows\Tasks\HPCeeScheduleForJamie.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-23 19:12]

2010-05-03 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]

2010-05-07 c:\windows\Tasks\User_Feed_Synchronization-{CA1D260A-E7F3-4440-ABC6-CFE6F2252E6D}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\
FF - prefs.js: browser.startup.homepage - www.comcast.net
FF - plugin: c:\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 00:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\System32\guard32.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\System32\guard32.dll
.
Completion time: 2010-05-07 00:07:34
ComboFix-quarantined-files.txt 2010-05-07 07:07

Pre-Run: 168,178,319,360 bytes free
Post-Run: 168,332,025,856 bytes free

- - End Of File - - 6EA93D8D5313758490E7DE5554AB5DFD

#4
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
How is it doing now? Do you still have the problem?

Looks like you had Norton/Symantec on this thing once and as usual it did not completely uninstall.

Best to run the removal tool:

http://service1.syma...005033108162039

Ron
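
The leftover Norton service noted in the post above appears in the ComboFix log as a service line ending in `[x]`, with its `ImagePath` printed further down. As an added example (not part of the thread and not ComboFix's own code), this Python script picks such lines out of a log and pairs each with the Services registry key the log prints; it assumes `[x]` means ComboFix did not find the service's image file, and all function names are hypothetical.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: service lines and registry entries copied from the
# ComboFix log posted in this thread (trimmed to a handful of lines).
SAMPLE_LOG = r"""
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-09-11 124224]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
"""


class Service(NamedTuple):
    state: str        # code exactly as ComboFix prints it, e.g. "R2"
    name: str         # service key name
    display: str      # display name
    image: str        # path printed for the service binary
    file_found: bool  # assumption: "[x]" means the image file was not found


# Line shape: <state> <name>;<display>;<image path> [<date size> or x]
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
# Line shape: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSetNNN\Services\<name>]
SERVICE_KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d{3}\\Services\\([^\\\]]+))\]$"
)


def parse_services(log: str) -> List[Service]:
    """Return every service/driver line found in the log text."""
    services = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            state, name, display, image, meta = m.groups()
            found = meta.strip().lower() != "x"
            services.append(
                Service(state, name.strip(), display.strip(), image.strip(), found)
            )
    return services


def parse_service_keys(log: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Map lower-cased service name -> registry key and ImagePath value."""
    keys: Dict[str, Dict[str, Optional[str]]] = {}
    current: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SERVICE_KEY_RE.match(line)
        if m:
            current = m.group(2).lower()
            keys[current] = {"key": m.group(1), "image_path": None}
        elif current and line.startswith('"ImagePath"='):
            keys[current]["image_path"] = line.split("=", 1)[1]
        elif not line:
            current = None  # a blank line ends the registry block
    return keys


def leftover_services(log: str) -> List[Dict[str, Optional[str]]]:
    """List services whose binary is missing, with the registry key if printed."""
    keys = parse_service_keys(log)
    findings = []
    for svc in parse_services(log):
        if svc.file_found:
            continue
        reg = keys.get(svc.name.lower())
        findings.append({
            "service": svc.name,
            "state": svc.state,
            "missing_image": svc.image,
            "registry_key": reg["key"] if reg else None,
            "image_path": reg["image_path"] if reg else None,
        })
    return findings


if __name__ == "__main__":
    for f in leftover_services(SAMPLE_LOG):
        print(f"{f['service']} ({f['state']}): image missing -> {f['missing_image']}")
        print(f"  registry key: {f['registry_key']}")
```

A hit is a prompt to run the vendor's removal tool, as recommended in the post, rather than to delete the key by hand.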

#5
#1MIfan

    Member

  • Topic Starter
  • Member
  • 133 posts
Everything runs well, and no more facemoods :) Also, thanks for the Norton removal tool. It came with the machine, and it was driving me nuts because it kept bugging me to purchase it. I thought I had gotten rid of it, but apparently not.
Thanx a million.

#6
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

You can uninstall or delete any tools we had you download and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.



You may not have the latest Java (6 update 20). Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.


If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Ron

#7
#1MIfan

    Member

  • Topic Starter
  • Member
  • 133 posts
Hello, sorry it took a while, but it was a pretty eventful weekend. Here is the BitDefender log.




QuickScan Beta 32-bit v0.9.9.21
-------------------------------
Scan date: Mon May 10 09:19:40 2010
Machine ID: 2832D98B



No infection found.
-------------------



Processes
---------
<unsigned> Billy The Goat 2880 C:\Program Files\Autorun Eater\billy.exe
<unsigned> CyberLink PlayMovie 3352 C:\Program Files\Cyberlink\PlayMovie\PMVService.exe
<unsigned> CyberLink PowerCinema 3316 C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe
<unsigned> LightScribe 1932 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<unsigned> Old McDonald 3700 C:\Program Files\Autorun Eater\oldmcdonald.exe
<unsigned> ZooskMessenger.exe 3768 C:\Program Files\ZooskMessenger\ZooskMessenger.exe

<verified> hpwuSchd Application 3392 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
<verified> WinPatrol Monitor 3692 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
<verified> Adobe Acrobat 3564 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
<verified> Apple Mobile Device Service 1192 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> Bonjour 1788 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> C-motech Run Time Device Change 3436 C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
<verified> COMODO Internet Security 3412 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
<verified> COMODO Internet Security 936 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
<verified> CyberLink MediaLibray Service 3324 C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
<verified> Firefox 2828 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> HP Advisor 3736 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
<verified> HP Health Check Service 820 C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
<verified> hpsysdrv Application 3180 C:\hp\support\hpsysdrv.exe
<verified> Intel® Common User Interface 3196 C:\Windows\System32\hkcmd.exe
<verified> Intel® Common User Interface 3220 C:\Windows\System32\igfxpers.exe
<verified> Intel® Common User Interface 3308 C:\Windows\system32\igfxsrvc.exe
<verified> iTunes 3660 C:\iTunesHelper.exe
<verified> iTunes 3916 C:\Program Files\iPod\bin\iPodService.exe
<verified> McAfee Security Scanner 3752 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
<verified> Microsoft Office OneNote 3760 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
<verified> Microsoft® .NET Framework 2380 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
<verified> Microsoft® Windows® Operating System 3844 C:\Program Files\Windows Media Player\wmpnetwk.exe
<verified> Microsoft® Windows® Operating System 3804 C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> Microsoft® Windows® Operating System 3724 C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Microsoft® Windows® Operating System 2020 C:\Windows\Explorer.EXE
<verified> Microsoft® Windows® Operating System 1404 C:\Windows\servicing\TrustedInstaller.exe
<verified> Microsoft® Windows® Operating System 520 C:\Windows\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 572 C:\Windows\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 1996 C:\Windows\system32\Dwm.exe
<verified> Microsoft® Windows® Operating System 668 C:\Windows\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 676 C:\Windows\system32\lsm.exe
<verified> Microsoft® Windows® Operating System 868 C:\Windows\system32\SearchFilterHost.exe
<verified> Microsoft® Windows® Operating System 2116 C:\Windows\system32\SearchIndexer.exe
<verified> Microsoft® Windows® Operating System 2264 C:\Windows\system32\SearchProtocolHost.exe
<verified> Microsoft® Windows® Operating System 648 C:\Windows\system32\services.exe
<verified> Microsoft® Windows® Operating System 1384 C:\Windows\system32\SLsvc.exe
<verified> Microsoft® Windows® Operating System 452 C:\Windows\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1832 C:\Windows\System32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1480 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1920 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1360 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1268 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1256 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1228 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1060 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1004 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 900 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1180 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1440 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 844 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1768 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 292 C:\Windows\system32\taskeng.exe
<verified> Microsoft® Windows® Operating System 1884 C:\Windows\system32\taskeng.exe
<verified> Microsoft® Windows® Operating System 2128 C:\Windows\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 2504 C:\Windows\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 564 C:\Windows\system32\wininit.exe
<verified> Microsoft® Windows® Operating System 612 C:\Windows\system32\winlogon.exe
<verified> Microsoft® Windows® Operating System 3732 C:\Windows\system32\wuauclt.exe
<verified> Microsoft® Windows® Operating System 2272 C:\Windows\system32\WUDFHost.exe
<verified> SoftK56 Modem Driver 2200 C:\Windows\system32\DRIVERS\xaudio.exe
<verified> Windows Defender 3172 C:\Program Files\Windows Defender\MSASCui.exe


Network activity
----------------
Process firefox.exe (2828) connected on port 80 (HTTP) --> 74.125.95.100
Process firefox.exe (2828) connected on port 80 (HTTP) --> 96.17.72.88
Process firefox.exe (2828) connected on port 80 (HTTP) --> 209.85.225.139
Process firefox.exe (2828) connected on port 80 (HTTP) --> 96.6.46.80
Process firefox.exe (2828) connected on port 80 (HTTP) --> 96.6.46.80
Process firefox.exe (2828) connected on port 80 (HTTP) --> 96.6.46.80
Process firefox.exe (2828) connected on port 80 (HTTP) --> 96.6.46.80
Process firefox.exe (2828) connected on port 80 (HTTP) --> 96.6.46.80
Process firefox.exe (2828) connected on port 80 (HTTP) --> 96.6.46.80
Process firefox.exe (2828) connected on port 80 (HTTP) --> 96.17.72.107
Process firefox.exe (2828) connected on port 80 (HTTP) --> 216.239.122.227
Process firefox.exe (2828) connected on port 80 (HTTP) --> 96.6.46.122
Process firefox.exe (2828) connected on port 80 (HTTP) --> 72.21.207.195
Process firefox.exe (2828) connected on port 80 (HTTP) --> 216.137.33.184
Process firefox.exe (2828) connected on port 80 (HTTP) --> 216.137.33.184
Process firefox.exe (2828) connected on port 80 (HTTP) --> 216.137.33.184
Process firefox.exe (2828) connected on port 80 (HTTP) --> 216.137.33.39
Process firefox.exe (2828) connected on port 80 (HTTP) --> 208.111.160.16
Process firefox.exe (2828) connected on port 80 (HTTP) --> 69.192.12.20
Process firefox.exe (2828) connected on port 80 (HTTP) --> 69.192.5.115

Process wininit.exe (564) listens on ports: 49152 (RPC)
Process services.exe (648) listens on ports: 49156 (RPC)
Process lsass.exe (668) listens on ports: 49155 (RPC)
Process svchost.exe (900) listens on ports: 135 (RPC)
Process svchost.exe (1228) listens on ports: 49153 (RPC)
Process svchost.exe (1268) listens on ports: 49154 (RPC)
Process svchost.exe (1768) listens on ports: 49157 (RPC)


Autoruns and critical files
---------------------------
<unsigned> autorun.exe E:\autorun.exe
<unsigned> CEEment C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
<unsigned> CyberLink PlayMovie C:\Program Files\Cyberlink\PlayMovie\PMVService.exe
<unsigned> CyberLink PowerCinema C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe
<unsigned> Hardware Diagnostic Tools C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
<unsigned> Old McDonald C:\Program Files\Autorun Eater\oldmcdonald.exe
<unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe
<unsigned> ZooskMessenger.exe C:\Program Files\ZooskMessenger\ZooskMessenger.exe

<verified> hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
<verified> Sprint SmartView C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
<verified> WinPatrol Monitor C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> C-motech Run Time Device Change C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
<verified> Carbonite Setup Lite C:\Program Files\Carbonite\CarbonitePreinstaller.exe
<verified> COMODO Internet Security C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
<verified> CyberLink MediaLibray Service C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
<verified> HP Advisor C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
<verified> HP Health Check Scheduler c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
<verified> hpsysdrv Application C:\hp\support\hpsysdrv.exe
<verified> Intel® Common User Interface C:\Windows\System32\hkcmd.exe
<verified> Intel® Common User Interface C:\Windows\System32\igfxpers.exe
<verified> Intel® Common User Interface C:\Windows\system32\igfxtray.exe
<verified> Intel® Common User Interface igfxdev.dll
<verified> iTunes C:\iTunesHelper.exe
<verified> Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> StartMen Application c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
<verified> StartMen Application c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
<verified> StartMen Application c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
<verified> Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
<verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> Conduit Toolbar c:\program files\games_bar_1\tbgame.dll
<unsigned> Conduit Toolbar c:\program files\zynga\tbzyng.dll
<unsigned> Epson Easy Photo Print (TBL) c:\program files\epson software\easy photo print\eptbl.dll
<unsigned> FFExternalAlert.dll C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> RadioWMPCore.dll C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

<verified> 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> BitDefender QuickScan C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
<verified> Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
<verified> getPlus+® C:\Windows\Downloaded Program Files\gp.ocx
<verified> getPlusPlus for Adobe 16263 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
<verified> Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Java™ Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U20 c:\program files\java\jre6\bin\ssv.dll
<verified> Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> MSN® Toolbar c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
<verified> npitunes.dll C:\Mozilla Plugins\npitunes.dll
<verified> npsoe.dll C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\hs606s74.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
<verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
<verified> Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Missing files
-------------
File not found: C:\Program Files\Java\jre6\bin\jusched.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"SunJavaUpdateSched"

File not found: C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
referenced in: HKLM\System\ControlSet001\services\Norton Internet Security\"ImagePath"

File not found: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS
referenced in: HKLM\System\ControlSet001\services\NAVENG\"ImagePath"

File not found: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS
referenced in: HKLM\System\ControlSet001\services\NAVEX15\"ImagePath"

File not found: C:\Users\Jamie\AppData\Local\Temp\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\Windows\System32\appmgmts.dll
referenced in: HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS
referenced in: HKLM\System\ControlSet001\services\SRTSP\"ImagePath"

File not found: C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS
referenced in: HKLM\System\ControlSet001\services\SRTSPX\"ImagePath"

File not found: c:\program files\avg\avg9\avgssie.dll
referenced in: HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\InprocServer32\(default)

File not found: c:\program files\norton internet security\engine\16.0.0.125\coieplg.dll
referenced in: HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\InprocServer32\(default)

File not found: c:\windows\system32\avgrsstx.dll c:\windows\system32\guard32.dll
referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

File not found: system32\DRIVERS\ipinip.sys
referenced in: HKLM\System\ControlSet001\services\IpInIp\"ImagePath"

File not found: system32\DRIVERS\nwlnkflt.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"

File not found: system32\DRIVERS\nwlnkfwd.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.05 MB sent, 1.34 KB recvd
Scanned 1211 files and modules - 61 seconds

==============================================================================

#8
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
Looks good.

There are still a few Norton entries, but they are more history than current.

Ron

#9
#1MIfan

    Member

  • Topic Starter
  • Member
  • 133 posts
Is there anything I can do about those, or should I ignore them?

#10
RKinner

    Malware Expert

  • Expert
  • 23,194 posts
  • MVP
Just ignore them.

Ron