Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan.gen


  • Please log in to reply

#1
Reumaut

Reumaut

    New Member

  • Member
  • Pip
  • 3 posts
Hello,
I am new so please forgive me if I'm doing something wrong. I have Norton 360 and Spyware Doctor for virus / malware programs respectively. Norton is telling me I have trojan.gen and remove fails every time. Spyware doctor is telling me that it is blocking trojan.gen. I tried to follow the malware spyware virus removal guide but the first step is giving me this error (i am on a home laptop and do not have an organization linked to it)

Websense Enterprise
Your organization's Internet use policy restricts access to this web page at this time.


Reason:


The Websense category "Malicious Web Sites" is filtered.


URL:


http://oldtimer.geekstogo.com/TFC.exe
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
Try in Safe Mode With Networking

http://www.computerh...sues/chsafe.htm


Also check that you have no proxy enabled.

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.


Who is your ISP?

Ron
  • 0

#3
Reumaut

Reumaut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I got through all the steps and at one point it appeared norton was able to remove the trojan, but i have read other posts where appearances can be deceiving so here's a copy of the logs i obtained, hopefully all fixed otherwise i'm all ears for the next step, thank you in advance for the help :)

OTL logfile created on: 7/16/2010 1:09:05 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Doug\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 28.52 Gb Free Space | 20.49% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.73 Gb Free Space | 17.56% Space Free | Partition Type: NTFS
Drive E: | 7.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.69 Gb Total Space | 3.64 Gb Free Space | 98.64% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOUG-PC
Current User Name: Doug
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/16 13:07:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Downloads\OTL.exe
PRC - [2010/05/10 09:27:58 | 000,906,656 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/12/28 20:56:45 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/07/16 13:07:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Downloads\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2010/04/28 14:21:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/07/14 07:28:02 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100715.053\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 07:27:52 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100715.053\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 20:06:33 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/17 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/17 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/04 23:49:16 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100715.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/22 14:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/06/05 23:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 15:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 15:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 18:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/04/17 14:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/29 09:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/31 21:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 21:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 21:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/20 11:33:00 | 000,016,896 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/12/24 05:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xPADFL02.sys -- (XPADFL02)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2004/10/24 08:11:00 | 000,028,800 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2004/10/24 08:11:00 | 000,013,952 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PPJoyBus.sys -- (PPJoyBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-offrhap"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-offrhap"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {89c9e067-2605-4f75-a608-f6ea31c9d085}:2.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: move[email protected]:7
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-ytbm&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 14:35:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/06/18 07:08:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/06/17 20:08:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/16 11:20:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 21:27:02 | 000,000,000 | ---D | M]

[2009/12/20 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions
[2009/12/20 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/16 11:28:58 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\5s9gm5b8.default\extensions
[2010/03/14 22:49:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\5s9gm5b8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/29 20:11:06 | 000,000,000 | ---D | M] (FFXI Helper) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\5s9gm5b8.default\extensions\{89c9e067-2605-4f75-a608-f6ea31c9d085}
[2009/09/19 11:14:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\5s9gm5b8.default\extensions\[email protected]
[2010/07/16 11:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/28 20:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [{2448DECC-7761-03AC-4CDC-811B4CFC1F56}] C:\Users\Doug\AppData\Roaming\Zuwoo\ulne.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.1.218 24.29.1.219
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Doug\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Doug\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 14:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{54d8671f-e6f7-11de-95e9-001f164b35ae}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/15 21:14:11 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Malwarebytes
[2010/07/15 21:13:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/15 21:13:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/15 21:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/15 21:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/15 20:53:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/15 20:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/14 06:50:18 | 000,000,000 | ---D | C] -- C:\8533a505501df88a4466884670db
[2010/07/08 22:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2010/06/18 20:20:07 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\CrashDumps
[2010/06/18 01:44:11 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/06/18 01:44:10 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/06/18 01:44:10 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symds.sys
[2010/06/18 01:44:10 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/06/18 01:44:10 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.sys
[2010/06/18 01:44:10 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/06/18 01:44:10 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/06/18 01:43:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0402000.00C
[2010/06/17 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Symantec
[2010/06/17 20:12:45 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Tific
[2010/06/17 20:06:49 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/17 20:05:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010/06/17 20:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/06/17 20:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/17 20:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/15 22:21:41 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Wizards of the Coast
[2010/06/09 03:02:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/03 19:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/06/03 19:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/05/23 03:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/05/22 13:54:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/05/22 13:54:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/05/22 13:54:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/22 10:53:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/05/20 03:08:15 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Mudyib
[2010/05/14 18:05:45 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Geckofx
[2010/05/14 18:05:44 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Red Kawa
[2010/05/14 18:05:44 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Red Kawa
[2010/05/14 18:03:16 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Regensoft
[2010/05/14 18:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Regensoft
[2010/05/14 18:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/05/14 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2010/05/09 16:12:18 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Roaming\Facebook
[2010/05/01 19:27:56 | 000,000,000 | ---D | C] -- C:\Temp
[2010/05/01 19:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2010/04/28 21:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/04/27 08:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/25 16:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[1 C:\Users\Doug\AppData\Roaming\*.tmp files -> C:\Users\Doug\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/16 13:10:15 | 002,057,534 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/16 13:08:57 | 002,883,584 | -HS- | M] () -- C:\Users\Doug\ntuser.dat
[2010/07/16 13:08:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/16 13:08:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/16 12:37:45 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A75D7AD2-D1AB-41F2-8331-5C8C3ED5348D}.job
[2010/07/16 11:09:54 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/16 11:08:45 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/16 11:08:44 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/16 11:08:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/16 11:08:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/16 11:07:22 | 000,524,288 | -HS- | M] () -- C:\Users\Doug\ntuser.dat{7079fd77-8319-11df-a8f1-001f164b35ae}.TMContainer00000000000000000001.regtrans-ms
[2010/07/16 11:07:22 | 000,065,536 | -HS- | M] () -- C:\Users\Doug\ntuser.dat{7079fd77-8319-11df-a8f1-001f164b35ae}.TM.blf
[2010/07/16 11:07:15 | 002,059,962 | -H-- | M] () -- C:\Users\Doug\AppData\Local\IconCache.db
[2010/07/15 21:13:55 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/15 20:52:25 | 000,000,733 | ---- | M] () -- C:\Users\Doug\Desktop\NTREGOPT.lnk
[2010/07/15 20:52:24 | 000,000,714 | ---- | M] () -- C:\Users\Doug\Desktop\ERUNT.lnk
[2010/07/15 18:06:43 | 000,000,680 | ---- | M] () -- C:\Users\Doug\AppData\Local\d3d9caps.dat
[2010/07/08 21:48:14 | 000,312,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/08 21:44:52 | 000,076,760 | ---- | M] () -- C:\Users\Doug\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/08 21:27:04 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/07/07 17:56:35 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDoug.job
[2010/07/05 20:00:01 | 000,000,602 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Doug.job
[2010/07/05 07:38:44 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\Reader Library.lnk
[2010/06/28 20:59:04 | 000,524,288 | -HS- | M] () -- C:\Users\Doug\ntuser.dat{7079fd77-8319-11df-a8f1-001f164b35ae}.TMContainer00000000000000000002.regtrans-ms
[2010/06/24 20:51:47 | 000,715,936 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/24 20:51:47 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/24 20:51:47 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/24 19:09:40 | 000,524,288 | -HS- | M] () -- C:\Users\Doug\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/24 19:09:40 | 000,065,536 | -HS- | M] () -- C:\Users\Doug\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/18 06:54:06 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/06/17 20:19:44 | 000,002,140 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Norton 360.lnk
[2010/06/17 20:06:33 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/17 20:06:33 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/17 20:06:33 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/15 18:37:10 | 000,000,215 | ---- | M] () -- C:\Users\Doug\Desktop\Duels of the Planeswalker.url
[2010/06/07 22:16:01 | 000,763,832 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010/06/07 20:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/06/04 07:07:00 | 000,870,128 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\mcs.rma
[2010/06/04 07:07:00 | 000,000,004 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\B69CEF
[2010/06/03 20:45:36 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/05/30 16:50:46 | 174,833,095 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/23 03:21:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/23 03:20:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/16 16:27:40 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/05/14 18:03:16 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
[2010/05/14 18:02:32 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\PSP Video 9.lnk
[2010/05/14 17:38:00 | 000,046,592 | ---- | M] () -- C:\Users\Doug\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 02:40:03 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/06 00:01:43 | 000,001,473 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/06 00:01:43 | 000,001,445 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnet.inf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/04/29 01:03:51 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\iron.cat
[2010/04/29 01:03:51 | 000,000,741 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\iron.inf
[2010/04/26 04:18:40 | 000,007,873 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.cat
[2010/04/25 16:21:01 | 000,000,943 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/04/24 07:31:04 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.inf
[2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.sys
[2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/04/21 22:29:50 | 000,007,442 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/04/21 22:29:50 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/04/21 22:29:50 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/04/21 22:29:50 | 000,001,382 | ---- | M] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.inf
[1 C:\Users\Doug\AppData\Roaming\*.tmp files -> C:\Users\Doug\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/15 21:13:55 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/15 20:52:25 | 000,000,733 | ---- | C] () -- C:\Users\Doug\Desktop\NTREGOPT.lnk
[2010/07/15 20:52:24 | 000,000,714 | ---- | C] () -- C:\Users\Doug\Desktop\ERUNT.lnk
[2010/07/05 07:38:44 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\Reader Library.lnk
[2010/06/28 20:59:04 | 000,524,288 | -HS- | C] () -- C:\Users\Doug\ntuser.dat{7079fd77-8319-11df-a8f1-001f164b35ae}.TMContainer00000000000000000002.regtrans-ms
[2010/06/28 20:59:04 | 000,524,288 | -HS- | C] () -- C:\Users\Doug\ntuser.dat{7079fd77-8319-11df-a8f1-001f164b35ae}.TMContainer00000000000000000001.regtrans-ms
[2010/06/28 20:59:04 | 000,065,536 | -HS- | C] () -- C:\Users\Doug\ntuser.dat{7079fd77-8319-11df-a8f1-001f164b35ae}.TM.blf
[2010/06/18 06:53:25 | 002,057,534 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\Cat.DB
[2010/06/18 01:44:11 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/06/18 01:44:11 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnet.cat
[2010/06/18 01:44:11 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/06/18 01:44:11 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symnet.inf
[2010/06/18 01:44:10 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.cat
[2010/06/18 01:44:10 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/06/18 01:44:10 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/06/18 01:44:10 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\iron.cat
[2010/06/18 01:44:10 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symds.cat
[2010/06/18 01:44:10 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/06/18 01:44:10 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symefa.inf
[2010/06/18 01:44:10 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\symds.inf
[2010/06/18 01:44:10 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/06/18 01:44:10 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/06/18 01:44:10 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/06/18 01:44:10 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\iron.inf
[2010/06/18 01:43:31 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0402000.00C\isolate.ini
[2010/06/17 20:19:44 | 000,002,140 | ---- | C] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Norton 360.lnk
[2010/06/17 20:06:49 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/17 20:06:49 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/17 20:06:12 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/06/15 18:37:09 | 000,000,215 | ---- | C] () -- C:\Users\Doug\Desktop\Duels of the Planeswalker.url
[2010/06/03 19:09:18 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/05/23 03:21:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/23 03:20:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/14 18:03:16 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
[2010/05/14 18:02:32 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\PSP Video 9.lnk
[2010/04/30 21:15:35 | 174,833,095 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/25 16:05:54 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/03/28 01:40:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll
[2010/01/08 23:02:24 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/01/08 23:02:24 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009/09/27 09:33:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/12/19 09:29:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/19 09:17:10 | 000,614,400 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2002/10/06 14:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/04 19:04:24 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/04 19:04:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/05/15 19:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll

========== LOP Check ==========

[2010/06/12 12:42:26 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\BitTorrent
[2010/07/16 13:09:56 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\DNA
[2010/05/09 16:12:21 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Facebook
[2008/12/20 02:11:48 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\funkitron
[2009/01/21 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\iWin
[2010/06/11 09:32:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Mudyib
[2010/05/14 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Red Kawa
[2008/11/28 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Snapfish
[2010/04/11 10:39:59 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Template
[2010/06/17 20:12:45 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Tific
[2009/12/20 11:48:47 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\TomTom
[2008/11/28 15:33:15 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\WildTangent
[2010/06/16 19:22:30 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Zuwoo
[2010/07/16 11:07:27 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/16 12:37:45 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A75D7AD2-D1AB-41F2-8331-5C8C3ED5348D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/04 14:03:40 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/11/28 13:57:13 | 000,000,368 | -H-- | M] () -- C:\IPH.PH
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2010/07/16 11:08:19 | 3264,942,080 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/22 13:46:02 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/20 22:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 22:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 11:24:30

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


OTL Extras logfile created on: 7/16/2010 1:09:06 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Doug\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 28.52 Gb Free Space | 20.49% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.73 Gb Free Space | 17.56% Space Free | Partition Type: NTFS
Drive E: | 7.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.69 Gb Total Space | 3.64 Gb Free Space | 98.64% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOUG-PC
Current User Name: Doug
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BABD37-A134-480B-9EDC-BCD67473F4C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ED22F663-F43E-4A9A-899E-F11187A3D464}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053E5549-ECD5-4FE4-8DB9-641DFB10CF77}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{1415A2CC-758E-4E99-B05F-62C9B77B3036}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{24618701-FC86-4240-8743-FB64C24C5335}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{260B3242-E006-4D39-B7A6-5D0C94A1F3D7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{360E3640-FB26-4DEF-8288-8B53B8EBB28A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{51F08F47-123A-4573-8F88-F2F8677AC0B9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{75C0C7E1-5192-43F4-9E04-9EF916BC3C32}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7C9BCD63-58C8-4CFD-8A1B-68805919C762}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{840C6D86-9DD5-44E2-B30D-BD9B3934E6B1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8B079ABE-2FC7-4587-887B-D5B4F972254C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9619B428-A15F-4B3A-BC7D-A591073603BA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{98D839C7-6D6B-4F09-B4D6-FD2F890271A4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{AE743838-B618-4F55-BE35-915719FD59C0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{C1BAABB6-21B7-49B7-91E1-E455B4B6BC44}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{C55EE582-4D18-4465-B67C-01CCBFDC83AC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{CE417CC2-006D-44BC-B33A-291B02416FCB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F15F0019-5B15-461F-8123-B84990DBAD95}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{31E750F8-01D2-4F30-897F-9E15FF5A94D3}C:\users\doug\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\doug\program files\dna\btdna.exe |
"TCP Query User{50FF560B-5E76-4E41-BA7B-74C948858541}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{DEF2784C-0805-4E7E-9213-48CAC799DB18}C:\program files\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{41E1424D-9782-4A60-AC48-61E10F7A31AC}C:\program files\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{59500B69-51EB-4546-A482-D09C2C22F1D5}C:\users\doug\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\doug\program files\dna\btdna.exe |
"UDP Query User{68C5B494-F5FD-4160-A738-81D701F0EAF0}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{25B932C7-EB2B-422E-910D-504FB00DAE43}" = Reader Library by Sony
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech Video to DVD Plus
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC2B03B-4838-4256-A6AE-1EB7B9B8F763}" = honestech Video to DVD Plus
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVI Movie Player" = AVI Movie Player
"AviSynth" = AviSynth 2.5
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Fallout 2_is1" = Fallout 2
"Fallout Tactics" = Fallout Tactics
"Fallout Tactics_is1" = Fallout Tactics
"FALLOUT: A Post-Nuclear Role-Playing Game_is1" = FALLOUT: A Post-Nuclear Role-Playing Game
"GameSaike SixaxisDriver_is1" = SixaxisDriver 0.91
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"PSP Video 9" = PSP Video 9 5.04
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2010 7:15:30 AM | Computer Name = Doug-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/14/2010 7:17:07 AM | Computer Name = Doug-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/14/2010 7:30:52 AM | Computer Name = Doug-PC | Source = Application Hang | ID = 1002
Description = The program pol.exe version 1.18.13.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1018 Start Time: 01cb23465f95b240 Termination Time: 40840

Error - 7/15/2010 10:58:51 AM | Computer Name = Doug-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/15/2010 11:17:47 AM | Computer Name = Doug-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/15/2010 11:46:04 AM | Computer Name = Doug-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/15/2010 8:04:11 PM | Computer Name = Doug-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/15/2010 9:05:47 PM | Computer Name = Doug-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/15/2010 11:08:18 PM | Computer Name = Doug-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/16/2010 12:06:36 AM | Computer Name = Doug-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/16/2010 1:07:22 AM | Computer Name = Doug-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/16/2010 1:08:19 AM | Computer Name = Doug-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/16/2010 1:08:22 AM | Computer Name = Doug-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/16/2010 1:08:22 AM | Computer Name = Doug-PC | Source = DCOM | ID = 10005
Description =

Error - 7/16/2010 7:44:50 AM | Computer Name = Doug-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/16/2010 7:44:50 AM | Computer Name = Doug-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/16/2010 10:49:44 AM | Computer Name = Doug-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 7/16/2010 10:51:07 AM | Computer Name = Doug-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 7/16/2010 11:10:00 AM | Computer Name = Doug-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/16/2010 11:10:00 AM | Computer Name = Doug-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-16 13:05:37
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Doug\AppData\Local\Temp\kxldapod.sys


---- System - GMER 1.0.15 ----

SSDT 8A8F96D0 ZwAlertResumeThread
SSDT 8A8F9890 ZwAlertThread
SSDT 8A8A3838 ZwAllocateVirtualMemory
SSDT 8A116AD8 ZwAlpcConnectPort
SSDT 8A900C68 ZwAssignProcessToJobObject
SSDT 8A8F92F8 ZwCreateMutant
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8C59B2D6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8C59B4C8]
SSDT 8A900988 ZwCreateSymbolicLinkObject
SSDT 8A8A1450 ZwCreateThread
SSDT 8A900D48 ZwDebugActiveProcess
SSDT 8A8A3A08 ZwDuplicateObject
SSDT 8A8F9FC0 ZwFreeVirtualMemory
SSDT 8A8F93E8 ZwImpersonateAnonymousToken
SSDT 8A8F95F0 ZwImpersonateThread
SSDT 8A15D1A8 ZwLoadDriver
SSDT 8A8F9EC0 ZwMapViewOfSection
SSDT 8A8F9218 ZwOpenEvent
SSDT 8A8A12F8 ZwOpenProcess
SSDT 8A8A3928 ZwOpenProcessToken
SSDT 8A900F70 ZwOpenSection
SSDT 8A8A1208 ZwOpenThread
SSDT 8A900B78 ZwProtectVirtualMemory
SSDT 8A8F9970 ZwResumeThread
SSDT 8A8F9C10 ZwSetContextThread
SSDT 8A8F9CF0 ZwSetInformationProcess
SSDT 8A900E28 ZwSetSystemInformation
SSDT 8A8F9050 ZwSuspendProcess
SSDT 8A8F9A50 ZwSuspendThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8C59AF44]
SSDT 8A8F9B30 ZwTerminateThread
SSDT 8A8F9DE0 ZwUnmapViewOfSection
SSDT 8A8A3748 ZwWriteVirtualMemory
SSDT 8A900A78 ZwCreateThreadEx
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8C59B6D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 846C5880 8 Bytes [D0, 96, 8F, 8A, 90, 98, 8F, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 846C5894 4 Bytes [38, 38, 8A, 8A]
.text ntkrnlpa.exe!KeSetEvent + 13D 846C58A0 4 Bytes [D8, 6A, 11, 8A]
.text ntkrnlpa.exe!KeSetEvent + 191 846C58F4 4 Bytes [68, 0C, 90, 8A]
.text ntkrnlpa.exe!KeSetEvent + 1F5 846C5958 4 Bytes [F8, 92, 8F, 8A]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3424] ntdll.dll!LdrLoadDll 774B9390 5 Bytes JMP 0116003A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4317

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/16/2010 1:44:57 PM
mbam-log-2010-07-16 (13-44-57).txt

Scan type: Quick scan
Objects scanned: 129448
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
PRC - [2009/12/28 20:56:45 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKCU..\Run: [{2448DECC-7761-03AC-4CDC-811B4CFC1F56}] C:\Users\Doug\AppData\Roaming\Zuwoo\ulne.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)


:Files
C:\Users\Doug\AppData\Roaming\Zuwoo
	 
:Commands
[purity]
[emptytemp]
[Reboot]
then run OTL (Right click and select Run As Administrator) and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again (Right click and select Run As Administrator) and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run george (Right click and select Run As Administrator)



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:


Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log

Combofix log

Ron
  • 0

#5
Reumaut

Reumaut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
All processes killed
========== OTL ==========
No active process named btdna.exe was found!
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{2448DECC-7761-03AC-4CDC-811B4CFC1F56} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2448DECC-7761-03AC-4CDC-811B4CFC1F56}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
C:\Program Files\DNA\btdna.exe moved successfully.
========== FILES ==========
C:\Users\Doug\AppData\Roaming\Zuwoo folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Doug
->Temp folder emptied: 33294 bytes
->Temporary Internet Files folder emptied: 169695 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38908212 bytes
->Flash cache emptied: 4430 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07172010_200455

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




ComboFix 10-07-16.01 - Doug 07/17/2010 20:21:00.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1802 [GMT -4:00]
Running from: c:\users\Doug\Desktop\george.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-18 00:52 . 2010-07-18 00:55 -------- d-----w- c:\users\Doug\AppData\Local\temp
2010-07-18 00:52 . 2010-07-18 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-18 00:04 . 2010-07-18 00:04 -------- d-----w- C:\_OTL
2010-07-16 01:14 . 2010-07-16 01:14 -------- d-----w- c:\users\Doug\AppData\Roaming\Malwarebytes
2010-07-16 01:13 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 01:13 . 2010-07-16 01:13 -------- d-----w- c:\programdata\Malwarebytes
2010-07-16 01:13 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 01:13 . 2010-07-16 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 00:52 . 2010-07-16 00:52 -------- d-----w- c:\program files\ERUNT
2010-07-14 10:50 . 2010-07-14 10:51 -------- d-----w- C:\8533a505501df88a4466884670db
2010-07-09 02:29 . 2010-07-09 02:31 -------- d-----w- c:\programdata\DVD Shrink
2010-06-29 00:45 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-23 07:00 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:00 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:00 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:00 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:00 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 00:24 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 00:24 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 00:20 . 2010-07-16 15:22 -------- d-----w- c:\users\Doug\AppData\Local\CrashDumps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 00:08 . 2010-06-03 23:09 -------- d-----w- c:\program files\Steam
2010-07-18 00:06 . 2008-11-28 21:25 31776 ----a-w- c:\programdata\nvModes.dat
2010-07-18 00:04 . 2008-11-30 00:19 -------- d-----w- c:\program files\DNA
2010-07-17 23:59 . 2009-01-02 03:17 -------- d-----w- c:\users\Doug\AppData\Roaming\DNA
2010-07-16 11:52 . 2009-05-23 15:34 -------- d-----w- c:\program files\Spyware Doctor
2010-07-15 22:06 . 2008-12-08 22:03 680 ----a-w- c:\users\Doug\AppData\Local\d3d9caps.dat
2010-07-14 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-09 01:44 . 2008-11-28 17:01 76760 ----a-w- c:\users\Doug\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-29 00:45 . 2008-08-04 18:49 -------- d-----w- c:\program files\Java
2010-06-25 00:45 . 2008-08-04 18:15 -------- d-----w- c:\program files\Microsoft.NET
2010-06-18 00:34 . 2008-08-04 16:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-18 00:12 . 2010-06-18 00:12 -------- d-----w- c:\users\Doug\AppData\Roaming\Tific
2010-06-18 00:10 . 2010-04-29 01:22 -------- d-----w- c:\programdata\Norton
2010-06-18 00:06 . 2009-01-10 18:27 -------- d-----w- c:\program files\Symantec
2010-06-18 00:06 . 2010-06-18 00:06 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-18 00:06 . 2010-06-18 00:06 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-18 00:06 . 2010-06-18 00:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-18 00:05 . 2010-06-18 00:05 -------- d-----w- c:\program files\Norton 360
2010-06-18 00:05 . 2010-06-18 00:05 -------- d-----w- c:\programdata\NortonInstaller
2010-06-18 00:05 . 2010-06-18 00:05 -------- d-----w- c:\program files\NortonInstaller
2010-06-16 00:01 . 2008-08-04 18:13 -------- d-----w- c:\programdata\Microsoft Help
2010-06-12 16:42 . 2009-01-02 03:22 -------- d-----w- c:\users\Doug\AppData\Roaming\BitTorrent
2010-06-11 13:32 . 2010-05-20 07:08 -------- d-----w- c:\users\Doug\AppData\Roaming\Mudyib
2010-06-09 07:24 . 2010-01-10 13:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-08 02:16 . 2010-01-09 03:02 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-08 00:21 . 2010-01-09 03:02 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-03 23:09 . 2010-06-03 23:09 -------- d-----w- c:\program files\Common Files\Steam
2010-05-26 17:06 . 2010-06-08 22:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-08 22:17 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 07:21 . 2010-05-23 07:21 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-23 07:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-23 07:21 . 2010-05-23 07:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-23 07:20 . 2010-05-23 07:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-22 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-22 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-22 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-22 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-22 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-22 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-22 17:48 . 2008-11-07 00:19 -------- d-----w- c:\programdata\NVIDIA
2010-05-22 14:07 . 2008-08-04 16:43 -------- d-----w- c:\programdata\Symantec
2010-05-22 14:05 . 2008-11-28 17:03 -------- d-----w- c:\users\Doug\AppData\Roaming\Symantec
2010-05-04 05:59 . 2010-06-08 22:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 22:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-08 22:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-08 22:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-08 22:14 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-25 19:10 2048 ----a-w- c:\windows\system32\tzres.dll
2008-08-04 15:03 . 2008-08-04 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\Steam\Steam.exe" [2010-06-03 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Doug^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):50,71,9d,2e,d9,f9,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 16896]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-10-24 28800]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [2010-05-22 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100716.001\IDSvix86.sys [2010-06-05 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-17 102448]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\HPCeeScheduleForDoug.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]

2010-07-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Doug.job
- c:\program files\Norton 360\Engine\4.2.0.12\navw32.exe [2010-06-18 05:34]

2010-07-17 c:\windows\Tasks\User_Feed_Synchronization-{A75D7AD2-D1AB-41F2-8331-5C8C3ED5348D}.job
- c:\windows\system32\msfeedssync.exe [2010-06-08 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\5s9gm5b8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Doug\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Doug\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 20:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4848)
c:\windows\System32\NLSLexicons0009.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-07-17 21:08:22
ComboFix-quarantined-files.txt 2010-07-18 01:08

Pre-Run: 19,993,411,584 bytes free
Post-Run: 19,882,242,048 bytes free

- - End Of File - - 29A60568F6614238E2EC62CE44189188
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
The following p2p programs are dangerous to have on your PC.

"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

P2P programs are notorious sources of infected files.

You still have one folder that was probably associated with the infection:

c:\users\Doug\AppData\Roaming\Mudyib

You can remove it manually are copy the next two line:

:Files
c:\users\Doug\AppData\Roaming\Mudyib

Then run OTL as before, paste the above into the Custom box then RUN FIX.

That should be all of it. You can run the free BitDefender online scan to make sure:

Copy (Highlight and Ctrl + c) the next line.

http://www.bitdefend...nline/free.html

Close all programs and browsers. Right click and select Run As Administrator on IE or FireFox icon on your desktop and then click on the area where you put in the URL and paste (Ctrl + v). The line you copied should appear. Hit Enter.


(Files in _OTL or qoobox subfolders are stuff we have already removed so nothing to worry about.)

We need to clean up System Restore.
The best way is to follow Jim's procedure here http://aumha.net/vie...=...p;sk=t&sd=a
tho it hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.



You do not have the latest Java. Get the latest (Java™ 6 Update 20 or maybe 21)at:

http://www.java.com/...nload/index.jsp. Do not let them install the Yahoo Toolbar or anything but Java.


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP