
can't get rid of browser redirects, willing to wipe disk


  • This topic is locked

#1
wayneman50
Member, 588 posts
I have a Google redirect virus. I have tried everything to get rid of it, including help from your site. It has spread to two more PCs. They are all HP and have Windows. I have pretty much given up trying to fix it. I am willing to wipe the machines clean and start over, if that will fix it. A few questions:

1. I booted up a brand new desktop and the virus was on it immediately. It was attached to my Fios internet connection. My infected laptop from work was also connected to my Fios internet. Is it possible for a virus to be transmitted via them sharing the same router? A virus can’t reside on a router, right?

2. When I take the laptop to work and use it on our network and internet there, the google redirect does not happen. Do you know why?

3. Ultimately, I want to know where the virus is residing and how it is propagating, so I can stop it from spreading.

4. I did a system recovery at system startup and that did not get rid of the virus. If I do a system recovery from recovery discs, will that make any difference?

5. My new desktop also has another problem, I think. When it goes to sleep from inactivity, moving the mouse will not wake it up; I have to click one of the mouse buttons to wake it up. This machine has Windows 7. Is that normal for Windows 7? I am new to this operating system.

#2
SweetTech
Sir SpamAlot, Retired Staff, 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. ;)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

1. I booted up a brand new desktop and the virus was on it immediately. It was attached to my Fios internet connection. My infected laptop from work was also connected to my Fios internet. Is it possible for a virus to be transmitted via them sharing the same router? A virus can’t reside on a router, right?

There are some infections that alter the router settings.

2. When I take the laptop to work and use it on our network and internet there, the google redirect does not happen. Do you know why?

It's most likely because you have a router infection.

3. Ultimately, I want to know where the virus is residing and how it is propagating, so I can stop it from spreading.

I'm going to provide you with instructions for resetting your router, and then will request a few additional scans from you to ensure that nothing else is hiding.

4. I did a system recovery at system startup and that did not get rid of the virus. If I do a system recovery from recovery discs, will that make any difference?

If it's a router infection like I suspect then no, only a reset of the router, and a change of the password should fix the issue.

5. My new desktop also has another problem, I think. When it goes to sleep from inactivity, moving the mouse will not wake it up; I have to click one of the mouse buttons to wake it up. This machine has Windows 7. Is that normal for Windows 7? I am new to this operating system.

I am not sure on that one.


Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out the default username and password of your router and note them down: Route Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that, type http://192.168.1.1 in the address bar and press Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
    • Select the General tab.
    • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
    • Click OK twice to save the settings.
    • Reboot if you had to change any setting.

NEXT:



Flush the DNS cache
  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following
ipconfig /flushdns
  • then hit enter
  • Exit the command window.

After that, Reboot


NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safe List
  • Under Custom Scan paste this in


    netsvcs
    drivers32
    %Windir%\pchealth\helpctr\System|*.exe;false;true;true /FP
    %Windir%\pchealth\helpctr\System\DVDUpgrd\*.exe
    %Windir%\pchealth\helpctr\System\ErrMsg\*.exe
    %Windir%\pchealth\helpctr\System\errors\*.exe
    %Temp%\IXP000.TMP\*.exe
    %AppData%\*.dat
    %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\*.*
    c:\RECYCLER\S-1-5-21-6789101336-0645104624-973937180-6312\*.*
    %UserProfile%\Microsoft\*.*
    %Windir%\Windows\*.*
    %System%\Update\*.exe
    %System%\Update\*.dat
    %System%\adobe*.exe
    %System%\NEV*.*
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %APPDATA%\Microsoft\ /s
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe /x
    %ProgramFiles%\Microsoft Common\*.*
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %USERPROFILE%\Cookies\*.txt /x
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\Computers\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the RKU scan.
3. The logs that were produced after running the OTL scan (OTL.txt & Extras.txt).
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#3
wayneman50
Topic Starter, Member, 588 posts
Hi SweetTech:
Thanks for getting back to me so soon. I read the article you provided the link to. Interesting. It seems that Verizon and my friends were wrong about the problem not being with my router.

My router is an Actiontec. I looked it up on the link provided and I do not see any of those model numbers on my box. I think mine is MI424WR. All the possibilities on that link showed some combination of username "admin" and password "password" or blank. I went to the URL you provided: http://192.168.1.1, and tried "admin" and blank, then "admin" and "password". They didn't work. Odd - when I typed a character in the Password field, two circles would appear in the field. I expected one circle per character.

I could call Verizon to get the username and password.

#4
SweetTech
Sir SpamAlot, Retired Staff, 7,671 posts
Hello,

From what I am able to find it appears that the username for your router is admin and the password is password. You may want to give Verizon a call and see if they can help you with the username and password.

#5
wayneman50
Topic Starter, Member, 588 posts
•Consult this link to find out the default username and password of your router and note them down: Route Passwords...I called Verizon. The password was 10 letters and digits, and it was on the sticker affixed to the router.

•Then reset your router to its factory default settings:...
Done. That seems to have fixed the redirect.

Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.
...I changed my username, password, SSID, and WEP Key code.

•Please make sure of the following settings:
◦Go to Start -> Control Panel -> Double click on Network Connections.

◦Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
◦Select the General tab.

◦Double click on Internet Protocol (TCP/IP).

■Under General tab:

■Select "Obtain an IP address automatically".

■Select "Obtain DNS server address automatically".

I have Windows 7. I think this is what I want: I went to:
Basic Network information and setup connections
Access type: Internet connections: Local Area Connection
I clicked on Local Area Connections.
I came to a screen with one tab: "General". At the top, it reads:
IPv4 Connectivity: Internet
IPv6 Connectivity: No network access
I clicked on "Properties".
I double clicked on both: Internet Protocol Version 6; Internet Protocol Version 4
Both of your specifications are already selected for both.


Flush the DNS cache
.....Done

After that, Reboot
.....Done

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop....I got it from Link 1.

Vista/Windows 7 users right-click and select Run As Administrator.

I get "Error loading driver, NTSTATUS code 0xC000036B"

#6
SweetTech
Sir SpamAlot, Retired Staff, 7,671 posts
Hello,

Glad to hear that you were able to reset your router.

Please try downloading this tool and see if you can run it instead of RKU.


Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

#7
wayneman50
Topic Starter, Member, 588 posts
I ran the scan. When I returned to the PC, a message displayed which read "GMER hasn't found any system modification." I did a Save of the log. I brought the log into Wordpad. It's blank. I clicked Copy. I didn't see anything happen.

#8
SweetTech
Sir SpamAlot, Retired Staff, 7,671 posts
Hello,

Please proceed with running the OTL scan.

#9
wayneman50
Topic Starter, Member, 588 posts
OTL logfile created on: 1/11/2011 9:27:25 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\WAYNE\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.63 Gb Total Space | 548.25 Gb Free Space | 93.94% Space Free | Partition Type: NTFS
Drive D: | 12.44 Gb Total Space | 1.52 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: WAYNE-HP | User Name: WAYNE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\WAYNE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\WAYNE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\symnets.sys (Symantec Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110111.002\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110111.002\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110110.002\IDSviA64.sys (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/12/28 17:33:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/07 00:09:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/01/11 08:24:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn\ [2011/01/11 08:24:04 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2....DataManager.CAB (Hewlett-Packard Online Support Services)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/11 17:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/01/11 12:50:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/01/11 12:50:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/01/11 12:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/11 09:25:09 | 000,802,864 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symefa64.sys
[2011/01/11 09:25:09 | 000,735,864 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys
[2011/01/11 09:25:09 | 000,450,608 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symds64.sys
[2011/01/11 09:25:09 | 000,382,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys
[2011/01/11 09:25:09 | 000,171,128 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\ironx64.sys
[2011/01/11 09:25:09 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys
[2011/01/11 09:24:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D
[2011/01/11 09:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/01/11 08:47:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\WAYNE\Desktop\OTL.exe
[2011/01/11 08:26:24 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\Windows Live
[2011/01/11 08:23:48 | 000,173,616 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/01/11 08:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/01/11 08:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/01/08 09:37:38 | 000,000,000 | ---D | C] -- C:\c602670ef6a0d2a3b4a61c510819a6
[2011/01/08 07:20:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/08 07:01:28 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\Diagnostics
[2011/01/08 03:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/01/08 03:00:21 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Roaming\HpUpdate
[2011/01/07 03:20:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/01/07 03:20:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/01/06 23:50:29 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Roaming\Malwarebytes
[2011/01/06 23:50:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/06 23:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/06 23:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/06 23:50:20 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/06 23:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/06 23:48:44 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\WAYNE\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/06 22:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/01/06 22:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/06 22:23:16 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Roaming\Adobe
[2011/01/06 22:21:25 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Roaming\ATI
[2011/01/06 22:21:25 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\ATI
[2011/01/06 22:21:23 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Roaming\PictureMover
[2011/01/06 22:20:23 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\PDFC
[2011/01/06 22:20:12 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/01/06 22:20:12 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Searches
[2011/01/06 22:20:12 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/01/06 22:20:12 | 000,000,000 | -H-D | C] -- C:\Users\WAYNE\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/01/06 22:20:06 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Roaming\Identities
[2011/01/06 22:20:04 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Contacts
[2011/01/06 22:20:03 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\VirtualStore
[2011/01/06 22:19:38 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\Hewlett-Packard
[2011/01/06 22:10:06 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Roaming\Hewlett-Packard
[2011/01/06 22:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/01/06 22:07:55 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/01/06 22:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\AppData\Local\Temporary Internet Files
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\Templates
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\Start Menu
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\SendTo
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\Recent
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\PrintHood
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\NetHood
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\Documents\My Videos
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\Documents\My Pictures
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\Documents\My Music
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\My Documents
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\Local Settings
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\AppData\Local\History
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\Cookies
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\Application Data
[2011/01/06 22:07:06 | 000,000,000 | -HSD | C] -- C:\Users\WAYNE\AppData\Local\Application Data
[2011/01/06 22:07:05 | 000,000,000 | --SD | C] -- C:\Users\WAYNE\AppData\Roaming\Microsoft
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Videos
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Saved Games
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Pictures
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Music
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Links
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Favorites
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Downloads
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\My Documents
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\Desktop
[2011/01/06 22:07:05 | 000,000,000 | R--D | C] -- C:\Users\WAYNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/01/06 22:07:05 | 000,000,000 | -H-D | C] -- C:\Users\WAYNE\AppData
[2011/01/06 22:07:05 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\Temp
[2011/01/06 22:07:05 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\Microsoft
[2011/01/06 22:07:05 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Roaming\Media Center Programs
[2011/01/06 22:07:05 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Roaming\Macromedia
[2011/01/06 22:07:05 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\HuluDesktop
[2011/01/06 22:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
[2011/01/06 21:58:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/06 21:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010/12/28 17:52:04 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/12/28 17:52:04 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/12/28 17:52:04 | 000,346,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/12/28 17:52:04 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/12/28 17:52:04 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/12/28 17:52:04 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/12/28 17:52:04 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/12/28 17:52:04 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/12/28 17:52:04 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/12/28 17:52:04 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/12/28 17:52:03 | 000,458,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/12/28 17:52:03 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/12/28 17:52:03 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/12/28 17:52:03 | 000,055,296 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/12/28 17:52:03 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/12/28 17:44:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/28 17:37:58 | 000,815,664 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymEFA64.sys
[2010/12/28 17:37:58 | 000,701,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtsp64.sys
[2010/12/28 17:37:58 | 000,450,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymDS64.sys
[2010/12/28 17:37:58 | 000,380,464 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\symnets.sys
[2010/12/28 17:37:58 | 000,168,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\Ironx64.sys
[2010/12/28 17:37:58 | 000,038,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtspx64.sys
[2010/12/28 17:37:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010/12/28 17:37:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1200000.080
[2010/12/28 17:37:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2010/12/28 17:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/12/28 17:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/12/28 17:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/12/28 17:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/12/28 17:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/12/28 17:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/12/28 17:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/12/28 17:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2010/12/28 17:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/12/28 17:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/12/28 17:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kobo
[2010/12/28 17:32:30 | 000,000,000 | ---D | C] -- C:\Windows\PRIndex
[2010/12/28 17:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NewspaperDirect
[2010/12/28 17:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewspaperDirect
[2010/12/28 17:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
[2010/12/28 17:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zinio Reader 4
[2010/12/28 17:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/12/28 17:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2010/12/28 17:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2010/12/28 17:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LS Getting Started
[2010/12/28 17:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2010/12/28 17:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Games
[2010/12/28 17:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2010/12/28 17:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover
[2010/12/28 17:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PictureMover
[2010/12/28 17:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
[2010/12/28 17:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/12/28 17:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2010/12/28 17:20:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2010/12/28 17:20:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Online Services
[2010/12/28 17:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2010/12/28 17:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CinemaNow
[2010/12/28 17:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CinemaNow
[2010/12/28 17:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2010/12/28 17:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010/12/28 17:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
[2010/12/28 17:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/12/28 17:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2010/12/28 17:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/12/28 17:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010/12/28 17:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/12/28 17:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2010/12/28 17:07:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
[2010/12/28 17:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/12/28 17:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/12/28 17:04:51 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\Windows\SysWow64\agrsmdel.exe
[2010/12/28 17:04:51 | 000,027,648 | ---- | C] (LSI Corporation) -- C:\Windows\SysWow64\agrsco64.dll
[2010/12/28 17:04:44 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010/12/28 17:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2010/12/28 17:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/12/28 17:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/12/28 17:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/12/28 17:02:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/12/28 17:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/12/28 17:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
[2010/12/28 17:02:26 | 000,019,464 | ---- | C] (PDF Complete, Inc.) -- C:\Windows\SysNative\pdfc_port.dll
[2010/12/28 17:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Complete
[2010/12/28 17:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2010/12/28 17:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/12/28 17:01:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/12/28 17:01:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/12/28 17:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2010/12/28 17:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{0F47B255-CF9F-48C5-B558-B7DAF9345268}
[2010/12/28 17:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\hp
[2010/12/28 17:00:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/12/28 17:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/12/28 16:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2010/12/28 16:59:57 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
[2010/12/28 16:58:41 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/12/28 16:55:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/12/28 16:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

========== Files - Modified Within 30 Days ==========

[2011/01/11 21:30:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/11 21:30:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/11 21:29:09 | 000,735,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/11 21:29:09 | 000,630,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/11 21:29:09 | 000,109,260 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/11 21:23:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/11 21:23:12 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/11 19:52:03 | 000,296,448 | ---- | M] () -- C:\Users\WAYNE\Desktop\hg2te85i.exe
[2011/01/11 18:58:43 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/11 17:31:21 | 000,001,977 | ---- | M] () -- C:\Users\WAYNE\Documents\router problem.rtf
[2011/01/11 08:47:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WAYNE\Desktop\OTL.exe
[2011/01/11 08:46:27 | 000,133,632 | ---- | M] () -- C:\Users\WAYNE\Desktop\RKUnhookerLE.EXE
[2011/01/11 08:25:48 | 001,251,040 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\Cat.DB
[2011/01/11 08:23:48 | 000,173,616 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/01/11 08:23:48 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/01/11 08:23:48 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/01/11 08:23:45 | 000,002,578 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/01/08 06:28:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2011/01/07 03:21:54 | 000,285,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/07 01:06:11 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/01/07 01:06:11 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/01/06 23:50:25 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/06 23:48:55 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\WAYNE\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/06 22:25:05 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/01/06 22:24:57 | 000,730,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/06 22:23:12 | 000,001,443 | ---- | M] () -- C:\Users\WAYNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/06 22:09:19 | 000,000,020 | ---- | M] () -- C:\Windows\”ù¿
[2011/01/06 22:07:14 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_53316J G D_p6650z_Y53316J G D_0U_Q2MD052_E2MD052015F DPS_4A_I2AB1_SFOXCONN_V1.00_6.04_T100907_WU3-0_L409_M4096_J640_7AMD_8F53_92.90_#110106_N10EC8136_(XM546AV#ABA)_X_CD3_Z_2_G100268F9.MRK
[2011/01/06 22:07:14 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_53316J G D_p6650z_Y53316J G D_0U_Q2MD052_E2MD052015F DPS_4A_I2AB1_SFOXCONN_V1.00_6.04_T100907_WU3-0_L409_M4096_J640_7AMD_8F53_92.90_#110106_N10EC8136_(XM546AV#ABA)_X_CD3_Z_2_G100268F9.MRK
[2010/12/28 17:46:28 | 000,000,000 | RHS- | M] () -- C:\OS
[2010/12/28 17:33:46 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/12/28 17:24:18 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Play HP Games.lnk
[2010/12/28 17:20:34 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Snapfish PictureMover.lnk
[2010/12/28 17:01:24 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/12/28 16:55:04 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/11 19:51:59 | 000,296,448 | ---- | C] () -- C:\Users\WAYNE\Desktop\hg2te85i.exe
[2011/01/11 18:55:08 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/11 17:31:21 | 000,001,977 | ---- | C] () -- C:\Users\WAYNE\Documents\router problem.rtf
[2011/01/11 09:25:09 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\iron.cat
[2011/01/11 09:25:09 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.cat
[2011/01/11 09:25:09 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symefa64.cat
[2011/01/11 09:25:09 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnet64.cat
[2011/01/11 09:25:09 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.cat
[2011/01/11 09:25:09 | 000,007,454 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symds64.cat
[2011/01/11 09:25:09 | 000,003,374 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symefa.inf
[2011/01/11 09:25:09 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symds.inf
[2011/01/11 09:25:09 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnet.inf
[2011/01/11 09:25:09 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.inf
[2011/01/11 09:25:09 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.inf
[2011/01/11 09:25:09 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\iron.inf
[2011/01/11 09:24:55 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\isolate.ini
[2011/01/11 08:46:21 | 000,133,632 | ---- | C] () -- C:\Users\WAYNE\Desktop\RKUnhookerLE.EXE
[2011/01/11 08:23:51 | 001,251,040 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\Cat.DB
[2011/01/11 08:23:48 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/01/11 08:23:48 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/01/06 23:50:25 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/06 23:18:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\file.ext
[2011/01/06 22:25:05 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/01/06 22:24:57 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/06 22:23:12 | 000,001,443 | ---- | C] () -- C:\Users\WAYNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/06 22:09:52 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/01/06 22:09:18 | 000,000,020 | ---- | C] () -- C:\Windows\”ù¿
[2011/01/06 22:07:14 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_53316J G D_p6650z_Y53316J G D_0U_Q2MD052_E2MD052015F DPS_4A_I2AB1_SFOXCONN_V1.00_6.04_T100907_WU3-0_L409_M4096_J640_7AMD_8F53_92.90_#110106_N10EC8136_(XM546AV#ABA)_X_CD3_Z_2_G100268F9.MRK
[2011/01/06 22:07:14 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_53316J G D_p6650z_Y53316J G D_0U_Q2MD052_E2MD052015F DPS_4A_I2AB1_SFOXCONN_V1.00_6.04_T100907_WU3-0_L409_M4096_J640_7AMD_8F53_92.90_#110106_N10EC8136_(XM546AV#ABA)_X_CD3_Z_2_G100268F9.MRK
[2011/01/06 22:07:05 | 000,000,290 | ---- | C] () -- C:\Users\WAYNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/01/06 22:07:05 | 000,000,272 | ---- | C] () -- C:\Users\WAYNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/01/06 21:57:56 | 3220,660,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/28 17:52:04 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/12/28 17:52:03 | 000,534,960 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/12/28 17:52:03 | 000,534,960 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/12/28 17:52:03 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2010/12/28 17:52:03 | 000,203,336 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/12/28 17:52:03 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2010/12/28 17:52:03 | 000,021,360 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/12/28 17:52:03 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/28 17:52:03 | 000,002,137 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2010/12/28 17:52:02 | 000,057,192 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/12/28 17:46:28 | 000,000,000 | RHS- | C] () -- C:\OS
[2010/12/28 17:38:00 | 000,002,578 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/12/28 17:37:52 | 000,003,375 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymEFA.inf
[2010/12/28 17:37:52 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymDS.inf
[2010/12/28 17:37:52 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymNet.inf
[2010/12/28 17:37:52 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtsp64.inf
[2010/12/28 17:37:52 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtspx64.inf
[2010/12/28 17:37:52 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\Iron.inf
[2010/12/28 17:37:47 | 000,007,414 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtspx64.cat
[2010/12/28 17:37:47 | 000,007,412 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymEFA64.cat
[2010/12/28 17:37:47 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtsp64.cat
[2010/12/28 17:37:47 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymDS64.cat
[2010/12/28 17:37:47 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\iron.cat
[2010/12/28 17:37:47 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\symnet64.cat
[2010/12/28 17:37:47 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1200000.080\isolate.ini
[2010/12/28 17:20:54 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Play HP Games.lnk
[2010/12/28 17:20:34 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish PictureMover.lnk
[2010/12/28 17:01:24 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/12/28 16:58:12 | 000,043,254 | ---- | C] () -- C:\Windows\SysNative\HP_Logo.bmp
[2010/12/28 16:55:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/09 21:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

========== LOP Check ==========

[2011/01/06 22:21:25 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\PictureMover
[2009/07/14 00:08:49 | 000,003,370 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %Windir%\pchealth\helpctr\System|*.exe;false;true;true /FP >

< %Windir%\pchealth\helpctr\System\DVDUpgrd\*.exe >

< %Windir%\pchealth\helpctr\System\ErrMsg\*.exe >

< %Windir%\pchealth\helpctr\System\errors\*.exe >

< %Temp%\IXP000.TMP\*.exe >

< %AppData%\*.dat >

< %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\*.* >

< c:\RECYCLER\S-1-5-21-6789101336-0645104624-973937180-6312\*.* >

< %UserProfile%\Microsoft\*.* >

< %Windir%\Windows\*.* >

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

Invalid Environment Variable: System

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %APPDATA%\Microsoft\ /s >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/06 22:23:12 | 000,000,221 | -HS- | M] () -- C:\Users\WAYNE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/11 19:52:03 | 000,296,448 | ---- | M] () -- C:\Users\WAYNE\Desktop\hg2te85i.exe
[2011/01/06 23:48:55 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\WAYNE\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/11 08:47:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WAYNE\Desktop\OTL.exe
[2011/01/11 08:46:27 | 000,133,632 | ---- | M] () -- C:\Users\WAYNE\Desktop\RKUnhookerLE.EXE

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe /x >

< %ProgramFiles%\Microsoft Common\*.* >

< %USERPROFILE%\Favorites\*.url /x >
[2011/01/06 22:20:18 | 000,000,402 | -HS- | M] () -- C:\Users\WAYNE\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %USERPROFILE%\Cookies\*.txt /x >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\Computers\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< >

< End of report >

#10
wayneman50

    Member

  • Topic Starter
  • Member
  • 588 posts
OTL Extras logfile created on: 1/11/2011 9:27:25 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\WAYNE\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.63 Gb Total Space | 548.25 Gb Free Space | 93.94% Space Free | Partition Type: NTFS
Drive D: | 12.44 Gb Total Space | 1.52 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: WAYNE-HP | User Name: WAYNE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{422DAAC6-8E99-ED2E-CD46-0DEEE1A09EF8}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8AC3CFAD-B8C0-668C-8761-920A63B1B574}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0935B1FB-71D5-D1F7-9045-F44394E3FBDA}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{13F0CFEB-1131-4DC1-5DEF-7E0F91858D99}" = CCC Help Finnish
"{18166604-72E6-F535-B9E9-4D8EF2C599C8}" = CCC Help Polish
"{19A4B59F-A887-9A3B-C4CD-871A333AE838}" = CCC Help Thai
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C8E0A7E-2707-8E5F-BFCD-AE3CD1EB528E}" = Catalyst Control Center Graphics Previews Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Premium
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{222A544B-E6B7-496F-B4D7-6FE74FF0E616}" = Bing Bar Platform
"{23D18B1A-8B73-73AB-DE37-929A14A524F8}" = CCC Help Russian
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{289FF83C-14F2-F82F-C478-9342170C5029}" = CCC Help Chinese Traditional
"{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
"{2E238AA5-5B07-DEBF-4B9B-50FD33D108A2}" = CCC Help Japanese
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{319E272A-B5DB-4939-99D0-1F1F0C55699E}" = HP Support Assistant
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B341D0B-E84E-EFF7-9665-553E0315DC8E}" = CCC Help Turkish
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{59E5D73C-E574-1C9A-CB26-0AA0D7298C31}" = Catalyst Control Center Graphics Previews Common
"{5D729989-59A9-591A-6419-08444EEAEDB3}" = CCC Help Portuguese
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D29228E-ECCC-055E-F0DF-3D52831D90D8}" = CCC Help Spanish
"{7F421DF0-AFD5-CA29-0F36-7E1F006150FA}" = CCC Help Hungarian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{822C792C-371F-0990-14EE-C1583E4CE2E0}" = ccc-core-static
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8614FEE9-1E19-9A56-E445-E9F14178B7F2}" = CCC Help Greek
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B026F59-3DB2-97C6-538D-0326B8855080}" = CCC Help Korean
"{8B41F2D9-B924-F249-CDFA-6792B4F58A34}" = CCC Help French
"{8BFB1992-45FC-BAAB-6AE3-69306202B584}" = CCC Help Swedish
"{8CB19DF9-B209-E0B4-D541-AB171E65135E}" = Catalyst Control Center InstallProxy
"{8DC9EAD2-B869-A5C6-AEDB-35700F1444F4}" = CCC Help Chinese Standard
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{954A99E7-D1BB-936A-FAEA-7E5A999D1506}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D6EA97-E688-417B-0A39-3E77AE60AA43}" = Catalyst Control Center Localization All
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BC702A05-A75D-F845-FC9D-ED37A04F78B8}" = CCC Help German
"{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
"{BED677E3-F67A-15E5-45F3-76D61D245EDF}" = CCC Help English
"{C07FEFB3-D039-182C-8D27-AF2852C70015}" = HydraVision
"{C50ADEEF-AAAC-76BF-D9A0-E7BED8D855A8}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9390EF1-CBB2-4B06-A24C-73C03C8D2E2C}" = Catalyst Control Center - Branding
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E64A3228-2FDC-8A9D-F69F-E7AED8938C7D}" = CCC Help Dutch
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEA6954A-0B3E-C230-FBD2-B7A2926C0013}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Premium
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"PDF Complete" = PDF Complete Special Edition
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2011 11:06:48 PM | Computer Name = WAYNE-HP | Source = Microsoft-Windows-User Profiles Service | ID = 1533
Description = Windows cannot delete the profile directory C:\Users\Administrator.
This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty.

[ System Events ]
Error - 1/7/2011 1:03:07 AM | Computer Name = WAYNE-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2005 Service Pack
1 Redistributable Package (KB973923).

Error - 1/7/2011 1:07:31 AM | Computer Name = WAYNE-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service
Pack 2 for x64-based Systems (KB954430).

Error - 1/7/2011 1:08:16 AM | Computer Name = WAYNE-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack
2 for x64-based Systems (KB973688).

Error - 1/7/2011 4:01:43 AM | Computer Name = WAYNE-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2005 Service Pack
1 Redistributable Package (KB973923).

Error - 1/7/2011 4:03:16 AM | Computer Name = WAYNE-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service
Pack 2 for x64-based Systems (KB954430).

Error - 1/7/2011 4:05:16 AM | Computer Name = WAYNE-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack
2 for x64-based Systems (KB973688).


< End of report >


#11 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello wayneman50,

How are things running?

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    O4 - HKLM..\Run: [] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    [2011/01/11 19:52:03 | 000,296,448 | ---- | M] () -- C:\Users\WAYNE\Desktop\hg2te85i.exe
    [2010/12/28 16:55:04 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2011/01/06 22:09:18 | 000,000,020 | ---- | C] () -- C:\Windows\”ù¿
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#12 wayneman50 (Member, Topic Starter, 588 posts)
First, here's the OTL log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\Users\WAYNE\Desktop\hg2te85i.exe moved successfully.
C:\Windows\ativpsrm.bin moved successfully.
C:\Windows\”ù¿ moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\WAYNE\Desktop\cmd.bat deleted successfully.
C:\Users\WAYNE\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: WAYNE
->Temp folder emptied: 4536483 bytes
->Temporary Internet Files folder emptied: 58010131 bytes
->Flash cache emptied: 43135 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27632760 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: WAYNE
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01122011_195045

Files\Folders moved on Reboot...
C:\Users\WAYNE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF092A27DE3E450190.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF107F2DEFF643D157.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF10C0CC3A855106AF.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF1ABA9288ECABE78D.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF1FD8EF0D1B695BBF.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF3A3E1F28B13C5859.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF45DD5BBD2506859F.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF46B403EE3C06F606.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF628312535C0EB3DA.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF7D59ED747C11AFE4.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF86CA21DB9A744F71.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF8D59EE42CD9D0CC1.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF8DB47EBB82C48493.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF936EC5FEFF658B82.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DF9B6C4F0CFE1C869A.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DFA3062759BBF615BE.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DFA4D1D03D5FC0C7DF.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DFB2755DCA5AFE0D80.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DFB4F6741D307BFD1B.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DFB9D6FE3F46C4ECFB.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DFE5A69D590DFD846B.TMP not found!
File\Folder C:\Users\WAYNE\AppData\Local\Temp\~DFFD83CE5AD6722046.TMP not found!
C:\Users\WAYNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LYHR20RM\1492322697@Top,Position1!Position1[1].htm moved successfully.
C:\Users\WAYNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LYHR20RM\driver[1].htm moved successfully.
C:\Users\WAYNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LYHR20RM\page__pid__1954380[1].htm moved successfully.
C:\Users\WAYNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSWAN4PV\xd_proxy[1].htm moved successfully.
C:\Users\WAYNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Q0ZHDCJ\like[1].htm moved successfully.
C:\Users\WAYNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\WAYNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\WAYNE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

#13 wayneman50 (Member, Topic Starter, 588 posts)
Things seem to be running OK, but then I haven't used much of anything on this PC except Internet Explorer and Wordpad, and of course, the utilities you've been having me run.

While my Malwarebytes scan is running, I have a question. Apparently I have some malicious software on my new PC. Is that right? How in the world did it get on here? I took it out of the box, booted it up, and went through the setup. I chose not to install Norton because I wanted Microsoft Security Essentials. I went straight to the Microsoft site, downloaded it, and installed it. Then I went to get Malwarebytes and saw the google redirect. I did not visit any other sites. I did not, and have not, tried to transfer any data from the other PCs - no flash drives, no external drives, nothing. Like I wrote before, my work laptop was connected to my internet at the same time. Viruses couldn't go across the internet connection, could they?

The Malwarebytes message reads "No malicious items were detected." I'm going to do the ESET next.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5508

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/12/2011 8:00:12 PM
mbam-log-2011-01-12 (20-00-12).txt

Scan type: Quick scan
Objects scanned: 158171
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 wayneman50 (Member, Topic Starter, 588 posts)
When I left ESET last night, it was at about 48%. This morning, the session was gone. I also had this page up. That's gone too. When I looked at the PC this morning, it had one Explorer session and it was my "home" page, which is msn.com.

#15 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello wayneman50,

Glad to hear that things are running better. :D

Quoting wayneman50: "Viruses couldn't go across the internet connection, could they?"

If your work laptop is/was infected, it's quite possible that the infection spread to your router and infected your new computer that way.

I would really like to get a look at the ESET log.

I don't believe it was saved, but let's check anyway.

Locate ESET Online Scanner Log

Please do the following:
On your keyboard press the Windows key + R
By pressing those two keys at the same time this should display the run dialog box.
Once the Run Dialog box appears please copy and paste the following:
C:\Program Files\ESET\log.txt
After you've copied and pasted the above please select OK.
This should display the ESET Online Scanner log.

Once the ESET Online Scanner log is displayed please copy and paste the contents of the file into your next post.



If there is no log there I'd like to ask that you re-run the ESET scan and see what it finds if anything.
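Two of the commands in the OTL fix from post #11 ([resethosts] and ipconfig /flushdns) and the router answer in post #15 are about the same thing: where name resolution sends the browser. The Python script below is an added example written for this thread; it is not part of OTL, ESET, Malwarebytes or any other tool named here. It audits the two places a redirect of this kind is usually planted, the hosts file and the DNS servers the router hands out, and it runs offline on constructed samples: the hosts file contents and the ipconfig /all output embedded in it are made up for the example, and the addresses 203.0.113.10 and 198.51.100.7 are documentation-range placeholders standing in for an address the user never configured.

```python
"""Audit the two name-resolution paths that a browser-redirect infection
commonly tampers with: the local hosts file and the DNS servers handed out
by the router.  Added example for this thread; not part of OTL or any other
tool named in it.  All inputs below are constructed samples."""
import ipaddress
import re

# Constructed sample hosts file: the stock Windows 7 comment lines, one
# ad-blocking style entry (harmless), and two entries that would silently
# send a search engine and an anti-malware vendor's site to an address the
# user never chose (203.0.113.10 is a documentation-range placeholder).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
0.0.0.0         ads.example.net
203.0.113.10    www.google.com
203.0.113.10    www.malwarebytes.org
"""

# Constructed sample of `ipconfig /all` output (Windows 7 layout).  The
# router 192.168.1.1 is DHCP server and gateway; 198.51.100.7 is a
# documentation-range placeholder for a resolver the user did not set up.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.168.1.1
"""

# Targets a hosts entry may legitimately point at: loopback, or the
# "blackhole" address used by ad-blocking hosts lists.
BENIGN_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}

# RFC 1918 ranges; a home router normally lives in one of these.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def suspicious_hosts_entries(text):
    """Return (address, hostname) pairs that map a name to a real address.

    Comment lines and loopback/blackhole entries are ignored; anything else
    sends the browser somewhere the user did not choose, which is the
    effect this thread calls a "google redirect".
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        parts = line.split()
        addr, names = parts[0], parts[1:]
        if addr in BENIGN_TARGETS:
            continue
        for name in names:
            findings.append((addr, name.lower()))
    return findings


def _field_values(text, label):
    """Collect every value printed for one ipconfig field.

    ipconfig pads labels with " . . ." and prints additional values (extra
    DNS servers) on their own indented continuation lines.
    """
    field = re.compile(r"\s*([A-Za-z][A-Za-z0-9 \-]*?)[ .]*: ?(.*)$")
    values, capturing = [], False
    for line in text.splitlines():
        m = field.match(line)
        if m:
            capturing = m.group(1).strip() == label
            if capturing and m.group(2).strip():
                values.append(m.group(2).strip())
        elif capturing and line[:1].isspace() and line.strip():
            values.append(line.strip())      # continuation line
        else:
            capturing = False
    return values


def _is_private(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in PRIVATE_NETS)


def suspicious_dns_servers(text):
    """Return DNS servers that are neither the default gateway nor private.

    A home router normally hands out itself as the resolver; anything else
    should match what the ISP documents.  This is a heuristic for what to
    verify, not a list of known-bad resolvers.
    """
    gateways = set(_field_values(text, "Default Gateway"))
    return [s for s in _field_values(text, "DNS Servers")
            if s not in gateways and not _is_private(s)]


def audit(hosts_text, ipconfig_text):
    """Run both checks and return them as one report."""
    return {"hosts": suspicious_hosts_entries(hosts_text),
            "dns": suspicious_dns_servers(ipconfig_text)}


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS, SAMPLE_IPCONFIG)
    for addr, name in report["hosts"]:
        print(f"hosts file sends {name} to {addr}")
    for server in report["dns"]:
        print(f"DNS server {server} is neither the gateway nor private; "
              "verify it with the ISP")
```

To run it against a real machine, feed the contents of C:\Windows\System32\drivers\etc\hosts and the output of ipconfig /all into the two functions. A public resolver in the DNS report is not by itself proof of compromise: routers from some ISPs hand out public resolver addresses, so compare what is reported with what the ISP documents and with the router's own admin page before concluding anything. A hosts entry that sends a search engine or an anti-malware vendor's site to another address is the clearer signal, and it is exactly the kind of entry that OTL's [resethosts] command removes.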