The Dreaded "WARNING YOUR IN DANGER" wallpaper system tool v



#1 ctannehill (New Member, 8 posts)
Ok, ironically I just got off the phone with a friend who says he picked up some weird virus that changed his desktop and there was nothing he could do about it. I walked into the house and grabbed a drink, when my son came up to me and said there was something weird going on with the computer. Sure enough, the same background was on my desktop as was described by my friend.
This thing is a bear. It continuously pops up messages stating it has found more infected programs, it constantly opens a scan dialog box telling me to fix all viruses found, and if you right click on the System Tool icon in the task bar it takes you to a buy now screen giving options all the way to a lifetime subscription.
I am not able to run any programs or launch Task Manager. I am at a loss and don't know what to do. I read a thread here where someone had success, so I will just post my HijackThis log here now.... Thanks in advance if you can help me out.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:51 AM, on 12/20/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Tannehill Family\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ossfire&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ossfire&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ossfire&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
O4 - HKLM\..\Run: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe"
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPSmartCenterBoot] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Touch Screen Enhance - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11129 bytes

#2 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Hello ctannehill, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:
  • Please post your logs, don't attach them unless stated.
  • Please read my posts carefully and if you have any questions ask.
  • Stay with this topic until I tell you that your system is clean. Malware can still be on your system even if you don't notice it.

HijackThis is an outdated program. We are going to use a new one.

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Posted Image

Then select Start OTL. OTL will now run

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your Virus Removal topic.


#3 ctannehill (Topic Starter, New Member, 8 posts)
Let me preface by saying thank you for taking this on.
Mind you, I tried the following both in Safe Mode and regular mode.
I installed OTL as instructed, then clicked on Kill All Processes; when doing so, nothing happens at all.
I then clicked on Start OTL and it gives me an error: "no executable version of OTL.exe was found".

#4 mitch8 (Trusted Helper, Malware Removal, 1,356 posts)
Hi,

Please download OTL to your desktop. Then try it again.

#5 ctannehill (Topic Starter, New Member, 8 posts)
OTL.txt

OTL logfile created on: 12/20/2010 1:00:39 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\Tannehill Family\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.27 Gb Total Space | 312.52 Gb Free Space | 68.80% Space Free | Partition Type: NTFS
Drive D: | 11.49 Gb Total Space | 1.50 Gb Free Space | 13.09% Space Free | Partition Type: NTFS

Computer Name: TANNEHILLFAM-PC | User Name: Tannehill Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 12:56:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tannehill Family\Desktop\OTL.scr
PRC - [2010/03/09 04:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 04:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/26 18:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/07/15 12:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/12 06:15:52 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
PRC - [2008/06/13 11:06:50 | 000,034,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2008/06/13 11:06:48 | 000,021,296 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2008/05/15 18:09:34 | 000,080,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe
PRC - [2008/05/15 18:02:54 | 003,590,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
PRC - [2008/05/15 18:00:46 | 000,080,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe
PRC - [2008/05/03 14:15:46 | 000,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
PRC - [2008/05/03 14:15:42 | 000,101,376 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/20 12:56:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tannehill Family\Desktop\OTL.scr
MOD - [2010/08/31 09:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/09 04:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/03/09 04:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/03/09 04:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/19 04:10:30 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/15 12:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/12 06:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2009/01/08 08:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/13 11:06:48 | 000,021,296 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2008/05/03 14:15:42 | 000,101,376 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE -- (HP Touch Screen Enhance)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/03/09 04:08:56 | 000,063,568 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/15 12:43:30 | 000,020,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/06 05:56:50 | 000,382,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/14 06:00:50 | 001,134,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVerBDA716x_x64.sys -- (AVerBDA6x_x64)
DRV:64bit: - [2008/05/05 15:23:36 | 000,448,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)
DRV:64bit: - [2008/05/05 07:05:02 | 000,015,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2008/02/15 09:20:10 | 000,497,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/02/14 08:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/10/15 07:53:18 | 000,090,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2007/10/15 07:53:18 | 000,019,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2007/10/15 07:53:16 | 000,117,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2007/05/17 12:38:06 | 000,033,584 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/03/26 12:02:08 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\PC-Doctor 5 for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{E2AF211B-86DA020A-05040000})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ossfire&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ossfire&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ossfire&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o...?o=15494&l=dis"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: gamebox@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/15 15:56:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/15 15:56:15 | 000,000,000 | ---D | M]

[2010/01/26 18:22:06 | 000,000,000 | ---D | M] -- C:\Users\Tannehill Family\AppData\Roaming\Mozilla\Extensions
[2010/12/13 22:00:51 | 000,000,000 | ---D | M] -- C:\Users\Tannehill Family\AppData\Roaming\Mozilla\Firefox\Profiles\fqssgpsp.default\extensions
[2010/01/26 18:39:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tannehill Family\AppData\Roaming\Mozilla\Firefox\Profiles\fqssgpsp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 19:51:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tannehill Family\AppData\Roaming\Mozilla\Firefox\Profiles\fqssgpsp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/18 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\Tannehill Family\AppData\Roaming\Mozilla\Firefox\Profiles\fqssgpsp.default\extensions\gamebox@toolbar
[2010/09/05 21:07:07 | 000,002,566 | ---- | M] () -- C:\Users\Tannehill Family\AppData\Roaming\Mozilla\Firefox\Profiles\fqssgpsp.default\searchplugins\askcom.xml
[2010/05/18 18:49:41 | 000,001,594 | ---- | M] () -- C:\Users\Tannehill Family\AppData\Roaming\Mozilla\Firefox\Profiles\fqssgpsp.default\searchplugins\web-search.xml
[2010/01/26 18:21:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Buttons & OSDs control application gen2] C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HP KEYBOARD] C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [HPSmartCenterBoot] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{575c2aae-ffe1-11de-9b35-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{575c2aae-ffe1-11de-9b35-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 12:57:58 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010/12/20 12:56:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tannehill Family\Desktop\OTL.scr
[2010/12/20 12:12:39 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Tannehill Family\Desktop\OTH.scr
[2010/12/20 09:58:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tannehill Family\Desktop\HijackThis.exe
[2010/12/20 09:39:36 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Users\Tannehill Family\Desktop\cwshredder.exe
[2010/12/20 09:29:53 | 000,090,112 | ---- | C] (Malwarebytes) -- C:\Users\Tannehill Family\Desktop\AboutBuster.exe
[2010/12/15 19:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/12/15 19:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/15 19:47:27 | 000,000,000 | ---D | C] -- C:\Users\Tannehill Family\AppData\Roaming\Malwarebytes
[2010/12/15 19:47:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/15 19:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/15 19:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/15 19:41:14 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tannehill Family\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/15 19:40:09 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Tannehill Family\Desktop\spybotsd162.exe
[2010/12/15 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\cJbAl06308
[2010/12/13 20:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/12/13 16:10:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010/12/13 07:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/12/13 07:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard

========== Files - Modified Within 30 Days ==========

[2010/12/20 12:56:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tannehill Family\Desktop\OTL.scr
[2010/12/20 12:21:11 | 002,961,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/20 12:21:11 | 000,921,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/20 12:21:11 | 000,005,534 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/20 12:17:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/20 12:16:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/20 12:16:40 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\PersonalSec.job
[2010/12/20 12:16:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/20 12:16:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/20 12:16:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/20 12:14:40 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Tannehill Family\Desktop\OTH.scr
[2010/12/20 09:58:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tannehill Family\Desktop\HijackThis.exe
[2010/12/20 09:45:57 | 000,000,732 | ---- | M] () -- C:\Users\Tannehill Family\AppData\Local\d3d9caps64.dat
[2010/12/20 09:39:39 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Users\Tannehill Family\Desktop\cwshredder.exe
[2010/12/20 09:39:10 | 000,003,989 | ---- | M] () -- C:\Users\Tannehill Family\Desktop\cwsserviceremove.reg
[2010/12/20 08:49:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/20 08:49:00 | 000,028,884 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/19 19:02:13 | 000,001,356 | ---- | M] () -- C:\Users\Tannehill Family\AppData\Local\d3d9caps.dat
[2010/12/18 15:57:27 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/12/16 20:52:24 | 000,002,279 | ---- | M] () -- C:\Users\Tannehill Family\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/12/15 19:41:20 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tannehill Family\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/15 19:40:13 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Tannehill Family\Desktop\spybotsd162.exe
[2010/12/15 19:06:38 | 000,002,010 | ---- | M] () -- C:\Users\Tannehill Family\AppData\Roaming\wklnhst.dat
[2010/12/15 19:01:36 | 000,028,884 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/15 14:11:59 | 000,000,520 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Tannehill Family.job
[2010/12/15 03:29:25 | 000,309,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/13 18:00:31 | 000,000,000 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk.temp
[2010/12/06 20:47:19 | 000,016,384 | ---- | M] () -- C:\Users\Tannehill Family\Documents\communications paper.wps
[2010/12/02 22:11:56 | 000,013,824 | ---- | M] () -- C:\Users\Tannehill Family\Documents\t.wps
[2010/12/02 22:11:51 | 000,014,848 | ---- | M] () -- C:\Users\Tannehill Family\Documents\d.wps
[2010/12/01 20:05:51 | 000,029,184 | ---- | M] () -- C:\Users\Tannehill Family\Documents\o.wps
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/23 17:05:26 | 000,117,248 | ---- | M] () -- C:\Users\Tannehill Family\Documents\woooooo.wps
[2010/11/23 16:49:24 | 000,046,153 | ---- | M] () -- C:\Users\Tannehill Family\Desktop\Project.docx
[2010/11/23 14:09:10 | 000,009,216 | ---- | M] () -- C:\Users\Tannehill Family\Documents\my project.wps

========== Files Created - No Company Name ==========

[2010/12/20 09:39:09 | 000,003,989 | ---- | C] () -- C:\Users\Tannehill Family\Desktop\cwsserviceremove.reg
[2010/12/18 15:57:35 | 000,001,356 | ---- | C] () -- C:\Users\Tannehill Family\AppData\Local\d3d9caps.dat
[2010/12/15 19:58:36 | 000,001,848 | ---- | C] () -- C:\Users\Tannehill Family\AppData\Local\dd_vcredistMSI7243.txt
[2010/12/15 19:58:35 | 000,010,614 | ---- | C] () -- C:\Users\Tannehill Family\AppData\Local\dd_vcredistUI7247.txt
[2010/12/15 19:58:34 | 000,011,480 | ---- | C] () -- C:\Users\Tannehill Family\AppData\Local\dd_vcredistUI7243.txt
[2010/12/15 19:47:14 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/14 20:34:11 | 009,259,520 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/12/14 20:34:08 | 012,474,368 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/12/14 20:34:08 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/12/14 20:34:08 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/12/14 20:34:06 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/12/14 20:34:06 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/12/14 20:34:05 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/12/14 20:34:05 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/12/14 20:34:05 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/12/14 20:34:05 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/12/14 20:34:05 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/12/14 20:34:05 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/14 20:34:04 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/12/14 20:34:04 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/12/14 20:34:04 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/12/14 20:34:04 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/12/14 20:34:04 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/12/14 20:34:04 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/12/14 20:34:04 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/12/14 20:34:04 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/12/14 20:34:04 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2010/12/14 20:34:04 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/12/14 20:34:03 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/12/14 20:34:03 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/12/14 20:32:48 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/12/14 19:50:05 | 000,367,104 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/12/14 19:50:05 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/12/14 19:50:05 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/12/14 19:49:55 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll
[2010/12/14 19:49:55 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll
[2010/12/14 19:49:55 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/14 19:49:55 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll
[2010/12/14 19:49:55 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe
[2010/12/14 19:49:33 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe
[2010/12/14 19:49:12 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/12/13 18:19:23 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/12/13 18:00:31 | 000,000,000 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk.temp
[2010/12/06 20:47:19 | 000,016,384 | ---- | C] () -- C:\Users\Tannehill Family\Documents\communications paper.wps
[2010/12/02 22:11:56 | 000,013,824 | ---- | C] () -- C:\Users\Tannehill Family\Documents\t.wps
[2010/12/02 22:11:51 | 000,014,848 | ---- | C] () -- C:\Users\Tannehill Family\Documents\d.wps
[2010/11/23 17:05:26 | 000,117,248 | ---- | C] () -- C:\Users\Tannehill Family\Documents\woooooo.wps
[2010/11/23 16:49:15 | 000,046,153 | ---- | C] () -- C:\Users\Tannehill Family\Desktop\Project.docx
[2010/11/23 14:09:10 | 000,009,216 | ---- | C] () -- C:\Users\Tannehill Family\Documents\my project.wps
[2010/11/22 20:33:00 | 000,029,184 | ---- | C] () -- C:\Users\Tannehill Family\Documents\o.wps
[2010/06/17 18:36:13 | 000,028,884 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/06/17 18:35:56 | 000,028,884 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/06/12 18:26:45 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/03/28 13:10:00 | 000,427,866 | ---- | C] () -- C:\Users\Tannehill Family\AppData\Local\dd_vcredistMSI42B1.txt
[2010/03/28 13:09:58 | 000,011,642 | ---- | C] () -- C:\Users\Tannehill Family\AppData\Local\dd_vcredistUI42B1.txt
[2010/03/11 20:57:51 | 000,000,732 | ---- | C] () -- C:\Users\Tannehill Family\AppData\Local\d3d9caps64.dat
[2010/02/08 19:32:22 | 000,002,010 | ---- | C] () -- C:\Users\Tannehill Family\AppData\Roaming\wklnhst.dat
[2010/01/19 20:59:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/12 19:29:25 | 000,015,872 | ---- | C] () -- C:\Users\Tannehill Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/03 17:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
[2008/09/28 11:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\Manipulate.dll
[2008/08/28 05:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\comLyricGetter.dll
[2008/08/28 05:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Uncommon.dll
[2008/08/28 05:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\NormalizeDSP.dll
[2008/07/03 21:45:57 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/07/03 21:45:57 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/06/13 11:06:46 | 000,058,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSACPIDLL.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/06 13:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

========== LOP Check ==========

[2010/04/29 10:01:17 | 000,000,000 | ---D | M] -- C:\Users\Tannehill Family\AppData\Roaming\BitTorrent
[2010/04/22 23:00:33 | 000,000,000 | ---D | M] -- C:\Users\Tannehill Family\AppData\Roaming\ImgBurn
[2010/01/12 19:34:12 | 000,000,000 | ---D | M] -- C:\Users\Tannehill Family\AppData\Roaming\muvee Technologies
[2010/02/08 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Tannehill Family\AppData\Roaming\Template
[2010/01/13 19:48:38 | 000,000,000 | ---D | M] -- C:\Users\Tannehill Family\AppData\Roaming\WinBatch
[2010/12/20 12:16:40 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\PersonalSec.job
[2010/12/20 08:49:21 | 000,032,574 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



Extras.txt

OTL Extras logfile created on: 12/20/2010 1:00:39 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\Tannehill Family\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.27 Gb Total Space | 312.52 Gb Free Space | 68.80% Space Free | Partition Type: NTFS
Drive D: | 11.49 Gb Total Space | 1.50 Gb Free Space | 13.09% Space Free | Partition Type: NTFS

Computer Name: TANNEHILLFAM-PC | User Name: Tannehill Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ADC55CB-327E-452C-BFCD-ED41E1E2B231}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5923EAF4-7D14-4E5D-AD96-E96578ADC0F3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{70602E2B-D996-4C76-9AB0-55B81C44485F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D2A0F49-618E-4C5B-8CE9-5B42AFF2ADCE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B02A8F8-FF1D-4F4C-9D20-533033BB24D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD684287-118B-40A1-9E71-21A138274C6D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0480E52-7E72-4FE0-8C8B-D22164F3C21D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5087C45-B8EE-4696-9497-5C9D4507ADF8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DD4B66AE-0AD9-43DE-AC24-3189407E6182}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02667D9D-B143-4AE6-B3A6-1AFB21B74D59}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{06656FB9-8978-4872-9603-2FC11C22D8F3}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{0B656388-CA5C-4D56-ACD3-06D180D28D6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0BFB14CC-5F79-495D-9CFD-FB4846DAAB2C}" = protocol=6 | dir=out | app=system |
"{1B1E27FD-1018-4E84-BA70-1A15F1746B1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1CF29BA8-CC9C-4489-8368-19B08CEA5D1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31045EA5-9F71-416C-B68A-C73758B2F3FF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{39DA5F6E-BB9D-4BC8-AD4F-D16CFFBA1BAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BF914C2-69FF-42D5-9C40-2A8A4793A867}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{4B0BF2C8-EE1E-49F7-B809-56C231208B9E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{4D82E481-CC8A-4143-A7BA-2C1004E64C11}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{532424DB-E318-42D5-BD54-50E08B8C90BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54F213C0-B6EC-404C-8841-F692331B4802}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{57D3671B-6CC2-44D7-A484-74C9BD338785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5956F62D-789F-4448-8B1C-190E55B7C5C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FEF186F-753A-4416-BF0A-31E2B7235065}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75F9038F-66F0-4CBA-8FCF-A4FD46CEE656}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76A03E1E-276C-44C8-9685-3AD5DAC583AD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A847CD7-4EF2-4161-BEE8-36CA82F3B96B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{7C3E744C-8A3C-44F0-9676-1780D54794B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85AC4AF9-93E8-4143-A262-9CD0B7244065}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{8881A398-0AA2-44F7-A602-6C62064244C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AF5DAA7-6AD4-4544-983A-326FDF726607}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8F37FE41-AFE3-4780-A965-8298E9B0CD7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92A78467-E117-4D44-BD2D-C57239D50B44}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9701093B-8171-4BBC-820F-69A68AF225E9}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{977004BF-59AD-4AE1-ACED-214C06283DC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E4ADE17-A4C4-47F1-8205-B44A71A7E857}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{A0C51ACE-3909-4BEC-A273-B8FE7CE326DE}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A41B9668-A083-43A4-8FC0-128D91E6CB08}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{A4B1B8E0-3AEE-4A72-859B-E5A77037CAF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A813423F-4414-4354-84AB-5C0CD1080890}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B9C304FD-E11F-4CB6-B747-048E95499E92}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{C53070AF-E7BA-4454-A024-5C33C229705E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CB8ED774-7E0C-4EB4-8099-E157104ED07A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D2354E9B-0A22-4B0B-8550-508F08C9B326}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{D2F10DBC-2238-4CC7-AFFE-2F2F8D94CD43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6D87444-5CC9-414A-BA9E-C6A092DA9C6B}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{DE757263-FFF9-42FB-ABC6-FE7AEB4700BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{E2CDF1D8-14A9-44D1-902F-9618B1C25FD0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EC79799E-2E20-4C8A-B54B-A0343BFEB20F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF3BB8A8-8AC5-4AF8-A585-2A0A8D533DAD}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F541C158-0012-44C8-833D-D8F5076B1F2E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{290559D8-7AD9-4515-AB45-3B11930C69E2}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{582C8E91-31BF-4820-9EDE-3068CFCC0C6E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{CEA21CDE-9607-4463-8F6E-F57F2B2ACC06}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{CEAF52C4-2AA8-4934-96A2-E688AF29411F}C:\users\tannehill family\appdata\local\temp\lmicc9.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\tannehill family\appdata\local\temp\lmicc9.tmp\lmi_rescue.exe |
"UDP Query User{AA340DBE-DD21-4679-9496-6F14EE0C1105}C:\users\tannehill family\appdata\local\temp\lmicc9.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\tannehill family\appdata\local\temp\lmicc9.tmp\lmi_rescue.exe |
"UDP Query User{CD54B4E1-082F-4799-9793-93A889BFAD24}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{D9960AE4-08A9-4E3E-BC8F-78BE8232FC68}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{E9602C0B-6891-4645-A21F-B996123019DA}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Bluetooth by hp 6.1.0.2200
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{243579CC-CCE4-42F2-B48B-C90D15687A26}" = HP Touch Screen Configuration
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{13086F8B-2AA9-4488-BC9C-BB6B912A5524}" = muvee autoProducer 6.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5A3736D0-2105-40D5-971C-4FFC2E2C6373}" = HP TouchSmart Calendar
"{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Buttons & OSDs control application gen2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Media
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD7E9E0C-201A-4BB2-8AE6-D939E4511D65}" = HP TouchSmart
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7BA6898-F0D0-4F23-898B-928530DAF061}" = HP Touch Screen Enhance Service
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F31E9A47-0177-4DB6-849C-6BE6DA942A45}" = HP TouchSmart Notes
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"AVerMedia MiniCard Hybrid TV" = AVerMedia MiniCard Hybrid TV 1.3.64.53
"BitTorrent" = BitTorrent
"Blaze Media Pro" = Blaze Media Pro
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"HP KEYBOARD V1.5.2_is1" = HP KEYBOARD V1.5.2
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Media
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"MainConcept Encoder x64 for AVerMedia" = MainConcept Encoder x64 for AVerMedia 1.2.3374.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NSS" = Norton Security Scan
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"sp40348" = sp40348
"sp41098" = sp41098
"sp41121" = sp41121
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2010 8:15:12 PM | Computer Name = TannehillFam-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 12/13/2010 8:15:12 PM | Computer Name = TannehillFam-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 12/13/2010 8:15:17 PM | Computer Name = TannehillFam-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 12/13/2010 8:21:12 PM | Computer Name = TannehillFam-PC | Source = LoadPerf | ID = 3012
Description =

Error - 12/13/2010 8:21:12 PM | Computer Name = TannehillFam-PC | Source = LoadPerf | ID = 3011
Description =

Error - 12/13/2010 9:27:51 PM | Computer Name = TannehillFam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/13/2010 9:59:38 PM | Computer Name = TannehillFam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/13/2010 9:59:38 PM | Computer Name = TannehillFam-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/13/2010 10:05:46 PM | Computer Name = TannehillFam-PC | Source = LoadPerf | ID = 3012
Description =

Error - 12/13/2010 10:05:46 PM | Computer Name = TannehillFam-PC | Source = LoadPerf | ID = 3011
Description =

[ System Events ]
Error - 7/5/2010 5:18:28 PM | Computer Name = TannehillFam-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:16:08 PM on 7/5/2010 was unexpected.

Error - 7/5/2010 5:18:31 PM | Computer Name = TannehillFam-PC | Source = HTTP | ID = 15016
Description =

Error - 7/5/2010 9:44:16 PM | Computer Name = TannehillFam-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:24:17 PM on 7/5/2010 was unexpected.

Error - 7/5/2010 9:44:20 PM | Computer Name = TannehillFam-PC | Source = HTTP | ID = 15016
Description =

Error - 7/6/2010 12:49:47 PM | Computer Name = TannehillFam-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:19:08 AM on 7/6/2010 was unexpected.

Error - 7/6/2010 12:49:51 PM | Computer Name = TannehillFam-PC | Source = HTTP | ID = 15016
Description =

Error - 7/6/2010 7:25:49 PM | Computer Name = TannehillFam-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:25:42 PM on 7/6/2010 was unexpected.

Error - 7/6/2010 7:25:54 PM | Computer Name = TannehillFam-PC | Source = HTTP | ID = 15016
Description =

Error - 7/6/2010 10:26:28 PM | Computer Name = TannehillFam-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:37:37 PM on 7/6/2010 was unexpected.

Error - 7/6/2010 10:26:34 PM | Computer Name = TannehillFam-PC | Source = HTTP | ID = 15016
Description =


< End of report >

#6
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
    O4 - HKLM..\Run: [] File not found
    [2010/12/15 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\cJbAl06308
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Next,

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#7
ctannehill

ctannehill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok, did all the steps, except when I got to the GMER run the application gave the following error:
"C:\v37fpsqt.exe invalid access to memory location." (this error comes when I right-click and choose Run as admin)

If I double click the following error occurs: "C:\v37fpsqt.exe is not a valid Win32 application."

#8
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Can you post the log from MBAM here?

Can you change your background back to normal?

#9
ctannehill

ctannehill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yes, as of now I do not have the wallpaper, and it seems the virus scan alerts have stopped.

MBAM-log.txt

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5363

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

12/20/2010 2:01:59 PM
mbam-log-2010-12-20 (14-01-59).txt

Scan type: Quick scan
Objects scanned: 154419
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\tannehill family\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (Adware.GamesVance) -> Delete on reboot.
c:\Users\tannehill family\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\tannehill family\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\tannehill family\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\tannehill family\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\tannehill family\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\gvtextlinks.jar (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\tannehill family\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.dll (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\tannehill family\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.
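As an added illustration (not from the thread, and not Malwarebytes' own code), a small Python parser for the MBAM 1.50 log layout posted above: it cross-checks the header counts against the listed items (a mismatch means the log was cut short before posting), picks out entries still marked "Delete on reboot" (the reason MBAM prompts for a restart), and tallies threat families. The sample log is constructed with shortened stand-in paths.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.50 log posted above; the
# paths are shortened stand-ins, not the poster's actual files.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.50

Registry Keys Infected: 2
Registry Values Infected: 0
Folders Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_CLASSES_ROOT\\AppID\\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\\Software\\AppDataLow\\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
c:\\Users\\example\\AppData\\Roaming\\Mozilla\\extensions\\ext (Adware.GamesVance) -> Delete on reboot.

Files Infected:
c:\\Users\\example\\AppData\\Roaming\\Mozilla\\extensions\\ext\\chrome.manifest (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\\Users\\example\\AppData\\Roaming\\Mozilla\\extensions\\ext\\components\\gvtlf.dll (Adware.GamesVance) -> Quarantined and deleted successfully.
"""

# Summary lines read "<category> Infected: <n>"; each detail section repeats
# the heading with a trailing colon, then "<path> (<threat>) -> <action>."
SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary_counts, items); each item records its section,
    path, threat label and the action MBAM reports for it."""
    summary, items, category = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("cat")] = int(m.group("n"))
            continue
        if line.endswith(" Infected:"):
            category = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if m and category:
            items.append({"category": category, **m.groupdict()})
    return summary, items


def check_counts(summary, items):
    """Categories whose listed items do not match the header count, as
    {category: (claimed, listed)}; a mismatch means a truncated or edited log."""
    seen = Counter(i["category"] for i in items)
    return {c: (n, seen[c]) for c, n in summary.items() if seen[c] != n}


def pending_reboot(items):
    """Paths MBAM could not remove in place; they need the prompted restart."""
    return [i["path"] for i in items if i["action"].startswith("Delete on reboot")]


def threat_families(items):
    """Tally detections per threat label."""
    return Counter(i["threat"] for i in items)
```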

#10
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Any other computer problems?

This scan will take a while.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom, save it to a file and name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.





#11
ctannehill

ctannehill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok, I am getting ready to reboot to safe mode and do as instructed.

In the meantime, you asked if I was having any other computer problems?

The virus in question seems to be gone, or at least subdued...I am not having any of the issues I had when I first posted to this forum.
However currently I am getting very slow reactions to my mouse.

Right clicking seems to function as normal, promptly as soon as clicked.
Left clicking seems to react very slow and erratic.
When I try to click a link or drag/drop from my desktop it takes several clicks before a reaction. There are fresh batteries and it is a relatively new mouse. I only bring this up because I read somewhere else that someone else had this problem and it was suggested that it could be a virus.
Don't know how true that statement is....FYI

#12
ctannehill

ctannehill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok Mitch,
Thanks again for sticking with me.
I ran the tool twice and this is the only report it gives.

kas.txt

Autoscan: completed 4 minutes ago (events: 2, objects: 372417, time: 00:44:33)
12/20/2010 4:07:34 PM Task started
12/20/2010 4:52:07 PM Task completed

#13
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Did your mouse problems happen before you were infected? From my end you look good, not sure if this is malware related.

#14
ctannehill

ctannehill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No the mouse was working properly before the virus, but it does seem that everything besides the mouse is back on track.
Thanks Mitch8, I realize that you are dedicating your personal time to helping random people out, and I think you are giving a great service.
I hope others that use this site see the value in the efforts put forth by yourself and other professionals that do this for nothing more than
the satisfaction of helping people.
I hope you have a Happy Holiday, and again thank you very much for your time and help.

#15
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

If you want to get the mouse fixed you can go to the hardware forum, the tech guys will know a lot more about this than I would.

Happy Holidays!
Mitch8

It looks like your log is clean :D You need to remove the malware removal tools from your computer, to do that:

Open up OTL and click on CleanUp

Please follow the steps below to keep your computer clean.

  • Clean restore points - To get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE
    You now have a clean restore point, to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The system will do some calculation and then display a dialogue box with tabs
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button click this
    • Accept the Warning and select OK again, the program will close and you are done
  • Update your computer - To check for updates yourself go to http://windowsupdate.microsoft.com It is very important to check for updates often as many security problems are fixed with updates. Also make sure your computer will update automatically, to do that:
    • Go the control panel
    • Click on security center
    • Then "Automatic Updates"
    • Select Automatic (recommended)
    • Pick the time and click ok
  • Update Java - It's very important to keep java up to date because older versions have vulnerabilities that malware can use to infect your system.
    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
  • Update Adobe Reader - It's good to keep Adobe Reader updated too because many security problems are fixed in updates. To check for updates:
    • Open Adobe Reader
    • On the menu bar click on help then check for updates...
    • The program will then tell you if updates are available
  • Anti-spyware programs - These programs will scan your computer and delete spyware. If you do not have any anti-spyware programs on your computer I recommend:
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A good tutorial on SpywareBlaster can be found at http://www.bleepingcomputer.com/tutorials/tutorial49.html
  • Safe web browsing - You can install one of the toolbars below that will warn you about a malicious website.
  • Update your security software! You have to update your security software to make sure your computer is safe from new malware threats.
  • And also see TonyKlein's article
    So how did I get infected in the first place?
