Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirect Virus

Started by benhwa , Nov 15 2010 09:48 AM

  • Please log in to reply

#1
benhwa
Posted 15 November 2010 - 09:48 AM

benhwa

    New Member

  • Member
  • Pip
  • 1 posts
Hi guys, I too have gotten infected with the goggle redirect virus. Can't search anything. Have tried Malwarebytes/Ccleaner/Superantispyware professional all to no avail. I am running Windows 7 64-bit so cannot use Combofix. I really hope you guys can help me get rid of this stupid thing. I have read the forum Virus removal rules and here are the logs (plus some):

OTL
OTL logfile created on: 11/15/2010 10:30:08 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 1327.56 Gb Free Space | 95.02% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 138.63 Gb Free Space | 9.92% Space Free | Partition Type: NTFS
Drive G: | 931.28 Gb Total Space | 69.68 Gb Free Space | 7.48% Space Free | Partition Type: FAT32
Drive H: | 931.28 Gb Total Space | 51.98 Gb Free Space | 5.58% Space Free | Partition Type: FAT32

Computer Name: BENS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 17:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/10/28 21:32:32 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 21:32:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/05 19:59:51 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2010/09/27 18:55:25 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/25 12:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 14:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/12/17 08:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/05 17:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/30 10:09:28 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/11 00:18:27 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stop_Pending] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/10/05 19:59:51 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/09/30 10:14:20 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/09/30 10:09:20 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/27 18:55:25 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/07/16 05:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 05:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/07/13 00:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/27 18:55:37 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/27 18:55:26 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/09/27 18:55:26 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/09/27 18:55:26 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/09/27 18:55:26 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/09/27 18:55:26 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2010/09/27 18:55:26 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2010/09/27 18:55:26 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2010/09/27 18:55:26 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/09/27 18:55:26 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/09/27 18:55:26 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/07/07 13:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 13:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 13:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 13:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 13:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 13:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 13:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 13:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 13:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 13:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 13:15:56 | 000,095,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 13:15:56 | 000,095,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 13:15:56 | 000,095,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS -- ({EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 13:15:50 | 000,230,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 13:15:50 | 000,230,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/29 14:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 00:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/07/07 13:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 13:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:32:17 | 000,404,352 | ---- | M] (Lumanate, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Angel2.sys -- (Angel2)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2008/12/14 08:20:54 | 000,030,512 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnpcap.sys -- (pnpcap)
DRV:64bit: - [2008/04/16 07:39:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/10/19 15:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101112.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/28 03:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101114.003\EX64.SYS -- (NAVEX15)
DRV - [2010/09/28 03:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101114.003\ENG64.SYS -- (NAVENG)
DRV - [2010/09/27 12:39:14 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/27 12:39:14 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/14 06:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.7amo
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.7
FF - prefs.js..extensions.enabledItems: {1de0de3c-0b5c-4f67-90c6-689623894991}:0.3
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.1.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {70d9978a-e867-451c-8c9f-a88135a58c8d}:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/11/04 23:00:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/04 22:58:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/09 11:58:47 | 000,000,000 | ---D | M]

[2010/11/04 23:08:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/11/14 14:41:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions
[2010/11/04 23:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}
[2010/11/04 23:08:06 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/11/04 23:08:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\{70d9978a-e867-451c-8c9f-a88135a58c8d}
[2010/11/04 23:08:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/04 23:08:06 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/04 23:08:07 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/11/08 00:45:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\[email protected]
[2010/11/08 00:45:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\[email protected]
[2010/11/04 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\[email protected]
[2010/11/04 23:08:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\[email protected]
[2010/10/03 10:14:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\[email protected]
[2010/11/04 23:08:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\[email protected]
[2010/11/04 23:08:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\callrve0.default\extensions\[email protected]
[2010/10/06 23:34:48 | 000,001,820 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\FireFox\Profiles\callrve0.default\searchplugins\bing.xml
[2010/11/09 09:47:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/04 22:58:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/05 19:09:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/27 09:43:40 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PopupBlockerBHO.CPopupBlockerBHO) - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files (x86)\SmartPopupBlocker\PopupBlockerBHO.dll (aa)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/18 11:50:50 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/08/20 21:55:06 | 000,000,070 | RH-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/02/18 11:50:50 | 000,000,000 | ---D | M] - H:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/08/20 21:55:06 | 000,000,070 | RH-- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 10:29:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/11/09 12:00:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AdobeUM
[2010/11/09 11:57:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2010/11/09 09:44:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Logs
[2010/11/09 00:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/11/08 15:13:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Misc Presentations
[2010/11/08 15:00:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Clinician 1 Materials
[2010/11/07 11:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/11/05 02:42:15 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/11/05 02:35:28 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2010/11/05 02:30:27 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\Temporary Internet Files
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Templates
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Start Menu
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\SendTo
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Recent
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\PrintHood
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\NetHood
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Videos
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Pictures
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Music
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\My Documents
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Local Settings
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\History
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Cookies
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Application Data
[2010/11/04 22:53:35 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\Application Data
[2010/11/04 22:53:34 | 000,000,000 | --SD | C] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2010/11/04 22:53:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Videos
[2010/11/04 22:53:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Saved Games
[2010/11/04 22:53:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Pictures
[2010/11/04 22:53:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Music
[2010/11/04 22:53:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Links
[2010/11/04 22:53:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Favorites
[2010/11/04 22:53:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Downloads
[2010/11/04 22:53:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Documents
[2010/11/04 22:53:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop
[2010/11/04 22:53:34 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData
[2010/11/04 22:53:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Temp
[2010/11/04 22:53:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft
[2010/11/04 22:53:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Media Center Programs
[2010/11/04 22:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/11/04 22:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/11/04 22:48:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/11/04 22:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/11/04 22:47:23 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/11/04 22:47:23 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/11/04 22:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/11/04 22:47:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\data
[2010/11/04 22:47:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\data
[2010/11/04 22:44:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/11/02 05:57:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Symantec
[2010/11/01 01:34:42 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/27 09:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/24 22:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/10/24 22:36:16 | 007,715,847 | ---- | C] (McAfee Inc.) -- C:\Users\Owner\Desktop\stinger10101075.exe
[2010/10/24 20:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2010/10/24 13:55:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2010/10/24 13:55:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ashampoo
[2010/10/24 13:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2010/10/24 13:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2010/10/24 12:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Home Photo Studio
[2010/10/24 12:08:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Version Cue
[2010/10/24 12:08:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\AdobeStockPhotos
[2010/10/24 11:58:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/10/22 13:35:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2010/10/22 13:35:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live Writer
[2010/10/22 10:46:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/22 10:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/22 10:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/10/22 10:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/10/22 10:41:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live
[2010/10/22 09:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2010/10/17 11:15:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Current My documents
[2010/07/07 11:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 10:01:09 | 001,184,382 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0308000.029\Cat.DB
[2010/11/15 10:00:10 | 000,000,095 | ---- | M] () -- C:\Users\Public\Documents\AcPro7_0_0.sta
[2010/11/14 23:25:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 22:31:41 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/11/14 14:33:53 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 14:33:53 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/09 13:15:30 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/11/09 11:58:47 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2010/11/09 09:53:58 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/09 09:53:58 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/09 09:53:58 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/09 09:47:48 | 002,332,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/09 09:46:30 | 3219,132,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/09 00:24:21 | 000,002,093 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2010/11/08 20:46:46 | 000,630,272 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2010/11/08 00:59:11 | 000,000,857 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/11/08 00:59:11 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/11/08 00:55:37 | 000,295,424 | ---- | M] () -- C:\Users\Owner\Desktop\nm37q278.exe
[2010/11/08 00:13:37 | 000,001,437 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/07 11:37:21 | 000,000,930 | ---- | M] () -- C:\ProgramData\{550596C6-13E4-262D-8900-000080B58166}
[2010/11/07 10:40:44 | 000,116,507 | ---- | M] () -- C:\Users\Owner\Desktop\crazy.gif
[2010/11/05 22:05:59 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/11/05 17:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/11/04 23:25:24 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/11/04 23:25:24 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/11/04 23:19:27 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2010/11/04 22:47:23 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/11/04 22:47:23 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/11/04 22:46:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/04 20:44:41 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/11/04 20:44:41 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/10/27 09:43:40 | 000,000,835 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/25 20:19:28 | 005,268,486 | ---- | M] () -- C:\Users\Owner\Desktop\WinRAR 3.93.zip
[2010/10/25 19:45:29 | 001,405,846 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\3exbb2464EX.exe
[2010/10/24 22:56:05 | 000,886,272 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\System.Data.SQLite.DLL
[2010/10/24 13:55:38 | 000,001,115 | ---- | M] () -- C:\Users\Owner\Desktop\Ashampoo Photo Commander 8.lnk
[2010/10/24 12:55:44 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\Home Photo Studio.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 13:09:26 | 000,000,095 | ---- | C] () -- C:\Users\Public\Documents\AcPro7_0_0.sta
[2010/11/09 11:58:47 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/11/09 11:58:47 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2010/11/09 00:24:21 | 000,002,093 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2010/11/09 00:17:03 | 000,630,272 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2010/11/08 00:55:40 | 000,295,424 | ---- | C] () -- C:\Users\Owner\Desktop\nm37q278.exe
[2010/11/07 11:36:57 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/11/07 11:36:57 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/11/07 11:33:51 | 000,000,930 | ---- | C] () -- C:\ProgramData\{550596C6-13E4-262D-8900-000080B58166}
[2010/11/07 10:40:43 | 000,116,507 | ---- | C] () -- C:\Users\Owner\Desktop\crazy.gif
[2010/11/05 22:15:20 | 000,095,320 | ---- | C] () -- C:\Windows\SysNative\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS
[2010/11/04 23:26:55 | 3219,132,416 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 23:19:27 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2010/11/04 22:53:34 | 000,000,290 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/04 22:53:34 | 000,000,272 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/04 22:46:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/04 20:44:41 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/11/04 20:44:41 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/10/25 20:19:32 | 005,268,486 | ---- | C] () -- C:\Users\Owner\Desktop\WinRAR 3.93.zip
[2010/10/25 19:45:29 | 001,405,846 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\3exbb2464EX.exe
[2010/10/24 22:55:56 | 000,886,272 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\System.Data.SQLite.DLL
[2010/10/24 13:55:38 | 000,001,115 | ---- | C] () -- C:\Users\Owner\Desktop\Ashampoo Photo Commander 8.lnk
[2010/10/24 12:55:44 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\Home Photo Studio.lnk
[2010/10/22 09:39:44 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/22 09:39:44 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/22 09:39:44 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/09/27 11:43:05 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/07/07 12:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 12:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/07/07 11:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/01 01:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

========== LOP Check ==========

[2010/11/04 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2010/11/04 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
[2010/11/04 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Boilsoft
[2010/11/04 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2010/11/04 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/11/04 23:07:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2010/11/04 23:07:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2010/11/04 23:08:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
[2010/11/04 23:08:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netscape
[2010/11/04 23:08:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2010/11/04 23:08:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/11/04 23:08:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeaZip
[2010/11/04 23:08:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Photodex
[2010/10/05 13:45:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Recordpad
[2010/11/04 23:08:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Simple Star
[2010/11/04 23:08:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2010/10/10 16:19:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2010/11/04 23:08:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2010/11/04 23:08:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2009/07/14 00:08:49 | 000,003,378 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:52 AM, on 11/9/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files (x86)\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell....r/SysProExe.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...15112/CTPID.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11943 bytes

DDS:

DDS (Ver_10-11-09.01) - NTFS_AMD64
Run by Owner at 10:22:24.51 on Mon 11/15/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4093.2070 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: PopupBlockerBHO.CPopupBlockerBHO: {0d929918-c804-4756-b0ac-640ef3f061e9} - C:\Program Files (x86)\SmartPopupBlocker\PopupBlockerBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun: [<NO NAME>]
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\callrve0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\callrve0.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-27 55856]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2010-9-27 27120]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2010-9-27 19952]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0308000.029\SymEFA64.sys [2010-9-27 402992]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\N360x64\0308000.029\BHDrvx64.sys [2010-9-27 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0308000.029\cchpx64.sys [2010-9-27 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101112.001\IDSviA64.sys [2010-10-19 476720]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2010-9-27 27632]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-7 304464]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-9-27 117640]
R2 pnpcap;Pure Networks Packet Capture Driver;C:\Windows\System32\drivers\pnpcap.sys [2010-9-29 30512]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-9-30 1403200]
R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-9-28 132656]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-9-27 24664]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\N360x64\0308000.029\symndisv.sys [2010-9-27 56880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam.sys [2008-4-16 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S3 {EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS;{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS;C:\Windows\System32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS [2010-11-5 95320]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-27 1255736]

=============== Created Last 30 ================

2010-11-09 05:24:21 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-11-07 16:35:59 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-07 16:34:19 466432 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-07 16:34:19 279552 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-07 16:34:19 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-07 16:34:19 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-07 16:33:20 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2010-11-07 16:33:20 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2010-11-07 16:32:47 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2010-11-06 07:10:56 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2010-11-06 07:10:56 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-11-06 07:00:55 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-06 03:15:20 95320 ----a-w- C:\Windows\System32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS
2010-11-05 07:42:15 -------- d-----w- C:\Windows\Panther
2010-11-05 07:35:28 -------- d--h--w- C:\$WINDOWS.~Q
2010-11-05 07:30:27 -------- d--h--w- C:\$INPLACE.~TR
2010-11-05 07:08:55 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-11-05 07:07:55 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-11-05 07:07:55 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-11-05 07:07:55 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-11-05 07:07:55 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-11-05 07:07:54 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-11-05 07:07:49 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-11-05 07:07:49 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-11-05 07:07:49 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-11-05 07:07:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-11-05 07:07:47 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2010-11-05 07:07:47 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2010-11-05 07:05:25 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-11-05 04:47:07 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-05 04:47:07 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-11-05 04:47:07 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-11-05 04:47:07 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-11-05 04:47:07 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-11-05 04:47:07 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-11-05 04:47:07 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-11-05 04:47:07 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-11-05 04:47:07 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-11-05 04:47:06 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-11-05 04:37:07 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-11-05 04:37:07 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-11-05 04:37:06 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-11-05 04:37:06 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-11-05 03:52:40 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2010-11-05 03:48:26 -------- d-sh--w- C:\Windows\Installer
2010-11-05 03:48:17 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-11-05 03:47:23 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-11-05 03:47:23 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-11-05 03:47:23 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-11-05 03:47:23 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-11-05 03:47:23 -------- d-----w- C:\Program Files (x86)\OpenAL
2010-11-05 03:47:12 -------- d-----w- C:\Windows\SysWow64\data
2010-11-05 03:47:09 -------- d-----w- C:\Windows\System32\data
2010-11-02 10:57:28 -------- d-----w- C:\Users\Owner\AppData\Local\Symantec
2010-10-26 00:45:29 1405846 ----a-w- C:\Users\Owner\AppData\Roaming\3exbb2464EX.exe
2010-10-25 03:55:56 886272 ---ha-w- C:\Users\Owner\AppData\Roaming\System.Data.SQLite.DLL
2010-10-25 01:08:19 -------- d-----w- C:\Program Files (x86)\Veetle
2010-10-24 18:55:45 -------- d-----w- C:\Users\Owner\AppData\Roaming\Ashampoo
2010-10-24 18:55:38 -------- d-----w- C:\Users\Owner\AppData\Local\ashampoo
2010-10-24 18:55:38 -------- d-----w- C:\PROGRA~3\ashampoo
2010-10-24 18:55:19 -------- d-----w- C:\Program Files (x86)\Ashampoo
2010-10-24 17:55:34 -------- d-----w- C:\Program Files (x86)\Home Photo Studio
2010-10-24 16:58:42 -------- d-----w- C:\Windows\SysWow64\spool
2010-10-22 18:35:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\Windows Live Writer
2010-10-22 18:35:38 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live Writer
2010-10-22 15:46:50 -------- d-----w- C:\Windows\en
2010-10-22 15:43:21 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-10-22 15:43:06 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-10-22 15:42:12 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b0781ce01cb71ff09\InstallManager_WLE_WLE.exe
2010-10-22 15:42:07 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1dd9301cb71ff07\DXSETUP.exe
2010-10-22 15:42:07 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1dd9301cb71ff07\dsetup32.dll
2010-10-22 15:42:06 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae1dd9301cb71ff07\DSETUP.dll
2010-10-22 15:42:05 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ad2b3bd01cb71ff06\DSETUP.dll
2010-10-22 15:42:05 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ad2b3bd01cb71ff06\DXSETUP.exe
2010-10-22 15:42:05 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ad2b3bd01cb71ff06\dsetup32.dll
2010-10-22 15:41:52 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live
2010-10-22 14:39:44 815104 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2010-10-22 14:39:44 77824 ----a-w- C:\Windows\SysWow64\xvid.ax
2010-10-22 14:39:44 180224 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2010-10-22 14:39:44 -------- d-----w- C:\Program Files (x86)\Xvid

==================== Find3M ====================

2010-10-06 00:09:02 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-30 15:15:00 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2010-09-30 15:09:36 25920 ----a-w- C:\Windows\System32\authuitu.dll
2010-09-30 15:09:32 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2010-09-30 15:09:28 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2010-09-30 15:09:20 30016 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-01 05:46:36 1355264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2010-09-01 05:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-01 05:44:30 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-01 05:44:24 1122304 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-01 05:44:06 424960 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-09-01 05:43:22 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-01 05:43:12 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-01 05:43:12 114176 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-01 05:43:10 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2010-09-01 05:43:10 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2010-09-01 05:43:02 448512 ----a-w- C:\Windows\System32\html.iec
2010-09-01 05:41:56 601088 ----a-w- C:\Windows\System32\vbscript.dll
2010-09-01 05:40:56 76800 ----a-w- C:\Windows\System32\tdc.ocx
2010-09-01 05:40:40 215552 ----a-w- C:\Windows\System32\msls31.dll
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 10:23:41.36 ===============
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP