Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

system restore virus

Started by jfbrophy , Oct 25 2011 12:50 PM

This topic is locked

#1
jfbrophy

Posted 25 October 2011 - 12:50 PM

New Member

Member
6 posts

Group:
Member Posts:
92 Joined:
03-June 07 Posted 21 October 2011 - 07:27 AM

clicked on a bad link in an email and started getting bombarded with obviously fake scans that read "System Restore: Pc Performance & Stability Report". Then 20 or so warnings/alerts popped up reading "Windows delayed write failed...etc." and a few reading "files indexation process failed". The biggest issue is that it hid all of my files and folders. I ran a couple scans, cleaned some things up, and unhid all my files through the command prompt and it worked for about 24 hrs just fine. Now it is back doing the exact same thing so I must no have cleaned it all up. Any help would be GREATLY appreciated!

---Above is a previous post from another user i believe i have the same virus on my system
an error message involving "system 32" continusly popped my icons are missing with the exception of the the trash bin
i ran otl and the logs are attached below
thank you for any help

OTL logfile created on: 10/25/2011 1:52:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = G:\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 395.68 Mb Available Physical Memory | 41.31% Memory free
2.13 Gb Paging File | 0.66 Gb Available in Paging File | 30.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59.17 Gb Total Space | 28.65 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
Drive D: | 45.48 Gb Total Space | 45.08 Gb Free Space | 99.13% Space Free | Partition Type: NTFS
Drive F: | 6.85 Gb Total Space | 0.87 Gb Free Space | 12.63% Space Free | Partition Type: NTFS
Drive G: | 7.40 Gb Total Space | 7.29 Gb Free Space | 98.54% Space Free | Partition Type: FAT32

Computer Name: JOEBROPHY | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/24 19:22:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\OTL\OTL.exe
PRC - [2011/07/28 20:04:38 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/05/02 00:53:18 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/04/10 23:27:46 | 001,792,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 20:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 21:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/12/25 08:00:00 | 000,177,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIAIA.EXE
PRC - [2006/12/18 16:12:31 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/16 03:44:14 | 000,235,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\5debac527eb5d431bbc033e36c80826a\TaskScheduler.ni.dll
MOD - [2011/10/16 03:42:24 | 001,536,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\dc38366e3458237ab394a5082b2f17fe\MMCEx.ni.dll
MOD - [2011/10/16 03:41:17 | 006,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\7a21126b43da3012cdf81aefc8af03d7\MIGUIControls.ni.dll
MOD - [2011/10/16 03:41:12 | 000,558,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\dbc1816a7bd59302368ec20a8b1cdfb5\Microsoft.ManagementConsole.ni.dll
MOD - [2011/10/16 03:41:12 | 000,285,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\daadd85d23b93f162d03a05c4cb0f2c3\MMCFxCommon.ni.dll
MOD - [2011/10/16 03:41:11 | 000,543,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\988d71b788a69c083b6dd6993b37269d\EventViewer.ni.dll
MOD - [2011/10/16 03:39:32 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/16 03:38:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/16 03:37:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/16 03:36:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/16 03:36:28 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/16 03:35:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/16 03:34:29 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/01/07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2006/11/24 19:34:20 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2006/11/24 19:34:04 | 000,233,573 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2006/11/24 19:34:04 | 000,114,783 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2006/11/24 19:34:04 | 000,032,768 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2006/11/24 19:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2008/01/29 20:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 21:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 21:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/26 13:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2011/05/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/01/18 16:39:06 | 000,003,200 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2006/12/07 00:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/18 15:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/09/15 04:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 13:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4232943091-3845391729-3869957007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.philadelphiaeagles.com/
IE - HKU\S-1-5-21-4232943091-3845391729-3869957007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4232943091-3845391729-3869957007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4232943091-3845391729-3869957007-1000..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62468070.lnk = C:\Users\User\AppData\Local\Temp\_uninst_62468070.bat ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4232943091-3845391729-3869957007-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24E73B9-E452-4298-A409-623AC28A134F}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/18 15:58:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - F:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{8edbc054-76bf-11e0-93e7-001b243f8fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{8edbc054-76bf-11e0-93e7-001b243f8fd6}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{94909e2a-85bf-11e0-85db-001b243f8fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{94909e2a-85bf-11e0-85db-001b243f8fd6}\Shell\AutoRun\command - "" = I:\iStudio.exe
O33 - MountPoints2\{9daf452e-7ac2-11e0-871a-001b243f8fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{9daf452e-7ac2-11e0-871a-001b243f8fd6}\Shell\AutoRun\command - "" = I:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/24 14:25:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/18 12:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\VitalSource Bookshelf
[2011/10/13 13:40:11 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/13 13:39:32 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/13 13:39:32 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/13 13:39:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/13 13:39:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/13 13:38:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/13 13:38:25 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/13 13:38:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/13 13:38:21 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/13 13:38:21 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/13 13:38:21 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/13 13:38:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/13 13:38:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/13 13:38:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/13 13:38:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/13 13:38:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/13 13:38:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/13 13:38:19 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/13 13:38:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/13 13:38:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/13 13:38:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/13 13:38:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/13 13:38:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/13 13:37:35 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/13 13:37:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/07 19:02:10 | 000,306,181 | -H-- | C] (Windows ® Win 7 DDK provider) -- C:\Users\User\AppData\Roaming\ScanDisc.exe
[2011/09/25 20:09:26 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

========== Files - Modified Within 30 Days ==========

[2011/10/25 13:50:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/25 13:19:00 | 000,000,904 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232943091-3845391729-3869957007-1000UA.job
[2011/10/25 12:54:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 12:54:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 02:50:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/24 15:02:07 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/24 15:02:07 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/24 14:55:40 | 000,000,146 | -H-- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/10/24 14:54:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/24 14:54:19 | 1003,094,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 14:52:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/24 14:51:26 | 000,000,176 | -HS- | M] () -- C:\Windows\5294447drv.spi
[2011/10/24 14:25:53 | 000,000,802 | -H-- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62468070.lnk
[2011/10/24 14:19:00 | 000,000,852 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232943091-3845391729-3869957007-1000Core.job
[2011/10/24 02:33:32 | 000,000,464 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/24 02:32:01 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/24 02:32:01 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/24 02:30:41 | 000,012,978 | -H-- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2011/10/24 02:10:27 | 000,012,978 | -H-- | M] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2011/10/19 13:02:47 | 000,491,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/17 18:50:09 | 000,000,318 | -H-- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2011/10/14 00:02:19 | 000,002,627 | -H-- | M] () -- C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
[2011/10/13 19:40:49 | 000,011,929 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/10/07 19:02:10 | 000,001,553 | -H-- | M] () -- C:\Users\User\Desktop\Computer.lnk
[2011/10/07 19:02:10 | 000,000,288 | -H-- | M] () -- C:\Users\User\AppData\Roaming\7CDC8564.reg
[2011/10/07 19:01:16 | 000,306,181 | -H-- | M] (Windows ® Win 7 DDK provider) -- C:\Users\User\AppData\Roaming\ScanDisc.exe
[2011/10/07 11:16:27 | 000,002,037 | -H-- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2011/09/30 19:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/09/30 19:03:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/09/30 19:02:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/09/30 19:02:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/09/30 19:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/09/30 19:01:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/09/30 19:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/09/30 19:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/09/30 19:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/09/30 19:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/09/30 19:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/09/30 19:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/09/30 19:01:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/09/30 18:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/30 17:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/30 17:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/30 17:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/09/30 17:28:36 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2011/10/24 14:51:26 | 000,000,176 | -HS- | C] () -- C:\Windows\5294447drv.spi
[2011/10/24 14:25:53 | 000,000,802 | -H-- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62468070.lnk
[2011/10/24 13:48:23 | 1003,094,016 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/24 02:32:01 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/24 02:32:00 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/24 02:28:38 | 000,000,464 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/13 19:35:22 | 000,011,929 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/10/07 19:02:10 | 000,001,553 | -H-- | C] () -- C:\Users\User\Desktop\Computer.lnk
[2011/10/07 19:02:10 | 000,000,288 | -H-- | C] () -- C:\Users\User\AppData\Roaming\7CDC8564.reg
[2011/09/25 20:09:46 | 000,002,037 | -H-- | C] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2011/09/25 20:08:16 | 000,000,904 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232943091-3845391729-3869957007-1000UA.job
[2011/09/25 20:08:15 | 000,000,852 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232943091-3845391729-3869957007-1000Core.job
[2011/08/09 22:22:36 | 000,000,680 | -H-- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2011/08/09 14:21:21 | 000,130,806 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/08/09 14:20:23 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011/04/16 17:16:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/16 17:15:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/04/16 11:26:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/04/14 23:42:23 | 000,005,120 | -H-- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 21:25:12 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/04/13 21:25:12 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/04/13 21:25:12 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/04/13 21:25:12 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/04/13 21:25:12 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/04/06 22:33:47 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/04/06 22:33:47 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/04/06 22:33:47 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/04/06 22:33:47 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/04/06 22:33:46 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/04/06 22:33:46 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/04/06 22:33:46 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/04/06 22:33:46 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/04/06 22:33:46 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/04/06 22:33:46 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/04/06 22:33:46 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/04/06 22:33:46 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/04/06 22:33:46 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/04/06 22:33:46 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/04/06 22:33:46 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/04/06 22:33:46 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/04/06 21:38:51 | 000,000,010 | ---- | C] () -- C:\Windows\WinInit.ini
[2011/04/01 21:32:36 | 000,012,978 | -H-- | C] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2011/04/01 21:28:49 | 000,012,978 | -H-- | C] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2010/01/18 16:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/12/18 14:49:30 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,491,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 03:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 03:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2011/04/27 21:15:25 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\Avery
[2011/06/15 12:21:47 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\HTC
[2011/04/24 23:56:44 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/04/09 19:02:44 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\WildTangent
[2011/10/24 14:53:09 | 000,024,940 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 10/25/2011 1:52:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = G:\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 395.68 Mb Available Physical Memory | 41.31% Memory free
2.13 Gb Paging File | 0.66 Gb Available in Paging File | 30.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59.17 Gb Total Space | 28.65 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
Drive D: | 45.48 Gb Total Space | 45.08 Gb Free Space | 99.13% Space Free | Partition Type: NTFS
Drive F: | 6.85 Gb Total Space | 0.87 Gb Free Space | 12.63% Space Free | Partition Type: NTFS
Drive G: | 7.40 Gb Total Space | 7.29 Gb Free Space | 98.54% Space Free | Partition Type: FAT32

Computer Name: JOEBROPHY | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090CF6CF-EE2B-41E5-8C78-4E27BDD9A0C7}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{0CA0798A-3E2C-4FD7-BEAB-7513E7519FE5}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{49D3A59D-5DA6-4C72-9281-549AFA9D3F6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60DEC888-F219-4253-B879-9DCB9F49D1E6}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{69766FF7-C030-44B6-941A-342BD87A0965}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6B57F522-FAAD-41A8-B1C1-953062BF9446}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{6B858232-CDA8-4787-BC69-95686C88817A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{81A65DC1-77E6-4167-8E14-4B7FCA87FA72}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{847B4D9A-56A3-49A5-9521-2D7585715908}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{90528E1E-A1FE-4A81-B793-12DCFBBD3662}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{95ECDD01-AB84-4195-A36C-29147C571235}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{964A17A2-B864-49C4-AE05-C970AF48F245}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9E02C4F2-DF48-4ADA-B6DF-757714F01315}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AB06BDE8-59B8-48EC-BE3A-F47C57907ABE}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{D0E33B3D-1A5D-4264-A998-9D761F9F2B0E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E4F8C58C-172C-4E9F-87BD-9C7CCBAA8251}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EC58DC15-F7C5-434D-85D3-CDAD99FD9AC4}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{55559ABB-AB08-416F-A227-6319B545AF83}" = VitalSource Bookshelf
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABFBC596-7EB3-4E4D-A1A3-D2B6806EF1FE}" = HP User Guide 0041
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAA9B753-45CE-4581-876C-55D97939B631}" = C6100
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"EPSON Printer and Utilities" = EPSON Printer Software
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hplaptop Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4232943091-3845391729-3869957007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2011 7:01:39 PM | Computer Name = JoeBrophy | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.2.0.81, time stamp 0x4b2bb4a5,
faulting module AcroForm.api, version 8.2.0.81, time stamp 0x4b2baba2, exception
code 0xc0000409, fault offset 0x0048cdef, process id 0xc6c, application start time
0x01cc8544e7d424a0.

Error - 10/8/2011 12:03:03 AM | Computer Name = JoeBrophy | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.19120 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ec8 Start Time: 01cc84d952865a00 Termination Time: 1074

Error - 10/11/2011 4:28:12 PM | Computer Name = JoeBrophy | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_HPSLPSVC, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x006f006c, process id 0xaa8, application
start time 0x01cc7cd4824deb48.

Error - 10/12/2011 1:42:44 AM | Computer Name = JoeBrophy | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6545.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: bec Start Time: 01cc7e1b400388e0 Termination Time: 9691

Error - 10/12/2011 12:04:37 PM | Computer Name = JoeBrophy | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 10/13/2011 1:13:13 PM | Computer Name = JoeBrophy | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 10/14/2011 10:41:43 PM | Computer Name = JoeBrophy | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
0x4e2a9406, faulting module Flash10p.ocx, version 10.2.159.1, time stamp 0x4da39a4c,
exception code 0xc0000005, fault offset 0x004042af, process id 0xe58, application
start time 0x01cc8ab7cac312e0.

Error - 10/21/2011 11:46:19 AM | Computer Name = JoeBrophy | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_HPSLPSVC, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x002e0064, process id 0x8c8, application
start time 0x01cc8f4a2e43049d.

Error - 10/24/2011 2:22:45 AM | Computer Name = JoeBrophy | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_HPSLPSVC, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x006f006c, process id 0x900, application
start time 0x01cc914c3b1f2976.

Error - 10/24/2011 12:32:09 PM | Computer Name = JoeBrophy | Source = EventSystem | ID = 4609
Description =

[ OSession Events ]
Error - 4/15/2011 7:38:59 PM | Computer Name = JoeBrophy | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 764
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/24/2011 12:33:01 PM | Computer Name = JoeBrophy | Source = Service Control Manager | ID = 7026
Description =

Error - 10/24/2011 12:33:01 PM | Computer Name = JoeBrophy | Source = Service Control Manager | ID = 7001
Description =

Error - 10/24/2011 12:33:01 PM | Computer Name = JoeBrophy | Source = Service Control Manager | ID = 7001
Description =

Error - 10/24/2011 12:33:01 PM | Computer Name = JoeBrophy | Source = Service Control Manager | ID = 7001
Description =

Error - 10/24/2011 12:33:01 PM | Computer Name = JoeBrophy | Source = Service Control Manager | ID = 7001
Description =

Error - 10/24/2011 1:54:24 PM | Computer Name = JoeBrophy | Source = Service Control Manager | ID = 7009
Description =

Error - 10/24/2011 1:54:24 PM | Computer Name = JoeBrophy | Source = Service Control Manager | ID = 7000
Description =

Error - 10/24/2011 1:57:59 PM | Computer Name = JoeBrophy | Source = Service Control Manager | ID = 7022
Description =

Error - 10/24/2011 2:51:59 PM | Computer Name = JoeBrophy | Source = DCOM | ID = 10000
Description =

Error - 10/24/2011 3:00:40 PM | Computer Name = JoeBrophy | Source = Service Control Manager | ID = 7022
Description =

< End of report >

#2
SweetTech

Posted 25 October 2011 - 02:21 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:Processes
KILLALLPROCESSES
:OTL
O4 - HKLM..\Run: [] File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62468070.lnk = C:\Users\User\AppData\Local\Temp\_uninst_62468070.bat ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4232943091-3845391729-3869957007-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{8edbc054-76bf-11e0-93e7-001b243f8fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{8edbc054-76bf-11e0-93e7-001b243f8fd6}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{94909e2a-85bf-11e0-85db-001b243f8fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{94909e2a-85bf-11e0-85db-001b243f8fd6}\Shell\AutoRun\command - "" = I:\iStudio.exe
O33 - MountPoints2\{9daf452e-7ac2-11e0-871a-001b243f8fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{9daf452e-7ac2-11e0-871a-001b243f8fd6}\Shell\AutoRun\command - "" = I:\iStudio.exe
[2011/10/24 14:51:26 | 000,000,176 | -HS- | M] () -- C:\Windows\5294447drv.spi
[2011/10/24 14:25:53 | 000,000,802 | -H-- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62468070.lnk
[2011/10/24 14:19:00 | 000,000,852 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232943091-3845391729-3869957007-1000Core.job
[2011/10/24 02:33:32 | 000,000,464 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/24 02:32:01 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/24 02:32:01 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/07 19:02:10 | 000,001,553 | -H-- | M] () -- C:\Users\User\Desktop\Computer.lnk
[2011/10/07 19:02:10 | 000,000,288 | -H-- | M] () -- C:\Users\User\AppData\Roaming\7CDC8564.reg
[2011/10/07 19:01:16 | 000,306,181 | -H-- | M] (Windows ® Win 7 DDK provider) -- C:\Users\User\AppData\Roaming\ScanDisc.exe
[2011/10/24 14:51:26 | 000,000,176 | -HS- | C] () -- C:\Windows\5294447drv.spi
[2011/10/24 14:25:53 | 000,000,802 | -H-- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62468070.lnk
[2011/10/24 02:32:01 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/24 02:32:00 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/24 02:28:38 | 000,000,464 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/07 19:02:10 | 000,001,553 | -H-- | C] () -- C:\Users\User\Desktop\Computer.lnk
[2011/10/07 19:02:10 | 000,000,288 | -H-- | C] () -- C:\Users\User\AppData\Roaming\7CDC8564.reg

:Reg

:Files
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptyjava]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Download GMER Rootkit Scanner from here or here.

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

NEXT:

What issues are you currently experiencing with your computer?

#3
jfbrophy

Posted 27 October 2011 - 01:17 PM

New Member

Topic Starter
Member
6 posts

Ran unhide, otl fix, and gmer otl and gmer logs below, have not reboot will post again after reboot
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62468070.lnk moved successfully.
C:\Users\User\AppData\Local\Temp\_uninst_62468070.bat moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-4232943091-3845391729-3869957007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8edbc054-76bf-11e0-93e7-001b243f8fd6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8edbc054-76bf-11e0-93e7-001b243f8fd6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8edbc054-76bf-11e0-93e7-001b243f8fd6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8edbc054-76bf-11e0-93e7-001b243f8fd6}\ not found.
File G:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94909e2a-85bf-11e0-85db-001b243f8fd6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94909e2a-85bf-11e0-85db-001b243f8fd6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94909e2a-85bf-11e0-85db-001b243f8fd6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94909e2a-85bf-11e0-85db-001b243f8fd6}\ not found.
File I:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9daf452e-7ac2-11e0-871a-001b243f8fd6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9daf452e-7ac2-11e0-871a-001b243f8fd6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9daf452e-7ac2-11e0-871a-001b243f8fd6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9daf452e-7ac2-11e0-871a-001b243f8fd6}\ not found.
File I:\iStudio.exe not found.
C:\Windows\5294447drv.spi moved successfully.
File C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62468070.lnk not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232943091-3845391729-3869957007-1000Core.job moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\Users\User\Desktop\Computer.lnk moved successfully.
C:\Users\User\AppData\Roaming\7CDC8564.reg moved successfully.
C:\Users\User\AppData\Roaming\ScanDisc.exe moved successfully.
File C:\Windows\5294447drv.spi not found.
File C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62468070.lnk not found.
File C:\ProgramData\~6DSS92c31Apgjkr not found.
File C:\ProgramData\~6DSS92c31Apgjk not found.
File C:\ProgramData\6DSS92c31Apgjk not found.
File C:\Users\User\Desktop\Computer.lnk not found.
File C:\Users\User\AppData\Roaming\7CDC8564.reg not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
G:\OTL\cmd.bat deleted successfully.
G:\OTL\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
G:\OTL\cmd.bat deleted successfully.
G:\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: User
->Java cache emptied: 1059644 bytes

Total Java Files Cleaned = 1.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 103803 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_220452

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Gmer---
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-27 15:17:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000061 ST912082 rev.7.24
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\kxlcapog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x89C0F340, 0x2926E7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!CreateWindowExW 75F11305 5 Bytes JMP 6BA4DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxParamW 75F310B0 5 Bytes JMP 6B9754D5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxIndirectParamW 75F32EF5 5 Bytes JMP 6BB453C7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxParamA 75F48152 5 Bytes JMP 6BB45364 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxIndirectParamA 75F4847D 5 Bytes JMP 6BB4542A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxIndirectA 75F5D4D9 5 Bytes JMP 6BB452F9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxIndirectW 75F5D5D3 5 Bytes JMP 6BB4528E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxExA 75F5D639 5 Bytes JMP 6BB4522C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxExW 75F5D65D 5 Bytes JMP 6BB451CA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!CreateDialogParamW 75F072A2 5 Bytes JMP 6BA4DEE8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!GetAsyncKeyState 75F0863C 5 Bytes JMP 6B968EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!SetWindowsHookExW 75F087AD 5 Bytes JMP 6BA49AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!CallNextHookEx 75F08E3B 5 Bytes JMP 6BA3D125 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!UnhookWindowsHookEx 75F098DB 5 Bytes JMP 6B9B467E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!EnableWindow 75F0CD8B 5 Bytes JMP 6BA4DD75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!CreateWindowExW 75F11305 5 Bytes JMP 6BA4DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!GetKeyState 75F18CB1 5 Bytes JMP 6BA4D323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!IsDialogMessageW 75F20745 5 Bytes JMP 6B9759E7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!CreateDialogParamA 75F217AA 5 Bytes JMP 6BB46033 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!IsDialogMessage 75F21847 5 Bytes JMP 6BB458CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!CreateDialogIndirectParamA 75F226F1 5 Bytes JMP 6BB4606A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!CreateDialogIndirectParamW 75F29A62 5 Bytes JMP 6BB460A1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!SetKeyboardState 75F30987 5 Bytes JMP 6BB45C3E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxParamW 75F310B0 5 Bytes JMP 6B9754D5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxIndirectParamW 75F32EF5 5 Bytes JMP 6BB453C7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!SendInput 75F32F75 5 Bytes JMP 6BB467FB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!EndDialog 75F3326E 5 Bytes JMP 6B977E8E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!SetCursorPos 75F46FB2 5 Bytes JMP 6BB4684F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxParamA 75F48152 5 Bytes JMP 6BB45364 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxIndirectParamA 75F4847D 5 Bytes JMP 6BB4542A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxIndirectA 75F5D4D9 5 Bytes JMP 6BB452F9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxIndirectW 75F5D5D3 5 Bytes JMP 6BB4528E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxExA 75F5D639 5 Bytes JMP 6BB4522C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxExW 75F5D65D 5 Bytes JMP 6BB451CA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!keybd_event 75F5D972 5 Bytes JMP 6BB46B7F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] SHELL32.dll!SHRestricted + D95 763789A8 4 Bytes [4D, 30, 1C, 6A] {DEC EBP; XOR [EDX+EBP*2], BL}
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] SHELL32.dll!SHRestricted + D9D 763789B0 8 Bytes [57, 2F, 1C, 6A, 9C, 5B, 1B, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] ole32.dll!OleLoadFromStream 776C1E80 5 Bytes JMP 6BB4572F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] ole32.dll!CoCreateInstance 776F9F3E 5 Bytes JMP 6BA4DBB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016417e6b47
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016417e6b47 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#4
jfbrophy

Posted 27 October 2011 - 01:29 PM

New Member

Topic Starter
Member
6 posts

Rebooted so far i havent had the "system restore" pop up but things are still hidden on startmenu / control panel, computer, docuents etc havnt notice issues with proformance yet

#5
SweetTech

Posted 27 October 2011 - 10:10 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hi!

Please run this tool and lets see how things are running.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

#6
jfbrophy

Posted 30 October 2011 - 04:06 PM

New Member

Topic Starter
Member
6 posts

Hi here is the combofix log

ComboFix 11-10-30.03 - User 10/30/2011 17:14:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.330 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\HPCPCUninstaller-6.3.2.139-6811507.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 21:23 . 2011-10-30 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 21:07 . 2011-10-30 21:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40CCD186-0724-44FD-B34C-A0C9981A3FF8}\offreg.dll
2011-10-28 07:38 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40CCD186-0724-44FD-B34C-A0C9981A3FF8}\mpengine.dll
2011-10-26 13:40 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-24 18:25 . 2011-10-24 18:25 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-18 16:02 . 2011-10-18 16:02 -------- d-----w- c:\program files\VitalSource Bookshelf
2011-10-13 17:40 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 17:39 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 17:39 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 17:39 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 17:39 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 17:37 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-13 17:37 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 17:37 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 17:37 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 17:37 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 77824]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2006-11-22 00:36 1474560 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 3200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 19:23]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 19:23]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232943091-3845391729-3869957007-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 03:38]
.
2011-10-17 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-18 00:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.philadelphiaeagles.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 17:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-30 17:27:06
ComboFix-quarantined-files.txt 2011-10-30 21:27
.
Pre-Run: 31,102,251,008 bytes free
Post-Run: 31,997,374,464 bytes free
.
- - End Of File - - BFD7B3A6DDE6BF37454268AE520D5D1A

#7
SweetTech

Posted 30 October 2011 - 10:46 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hi!

How are things running?

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
Click on the Scan button.
When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes' when done.

Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#8
jfbrophy

Posted 01 November 2011 - 08:23 PM

New Member

Topic Starter
Member
6 posts

==========================results of Malwarebytes====================
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8057

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11/1/2011 1:56:39 AM
mbam-log-2011-11-01 (01-56-39).txt

Scan type: Quick scan
Objects scanned: 171779
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=============================results of eset====================
eset scan

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\Desktop\0.33446841228754287.exe a variant of Win32/Kryptik.UIY trojan
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application
C:\Users\User\Desktop\registrybooster.exe Win32/RegistryBooster application

=============================results of SecurityCheck===============

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ SE Runtime Environment 6
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````
==============================================================
SecurityCheck ran & post made by John Brophy, while Joe was at work.

#9
SweetTech

Posted 02 November 2011 - 10:14 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hi!

You should look into getting yourself an Anti-Virus program for this computer.

Also, I'm providing instructions for updating Java to the latest version. If you need the previous version to be installed, please skip the instructions for updating it.

These threat(s) below will be removed very shortly:

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\Desktop\0.33446841228754287.exe a variant of Win32/Kryptik.UIY trojan
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application
C:\Users\User\Desktop\registrybooster.exe Win32/RegistryBooster application

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
From the list, select your OS and Platform:
- 32-bit Select: Windows x86 Offline.
- 64-bit Select: Windows x64.
If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

NEXT

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL

:Reg

:Files
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\Desktop\0.33446841228754287.exe
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe
C:\Users\User\Desktop\registrybooster.exe
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

#10
jfbrophy

Posted 03 November 2011 - 10:32 AM

New Member

Topic Starter
Member
6 posts

otl fix
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\Desktop\0.33446841228754287.exe moved successfully.
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe moved successfully.
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe moved successfully.
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe moved successfully.
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe moved successfully.
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe moved successfully.
C:\Users\User\AppData\Local\Temp\miaD7AD.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe moved successfully.
C:\Users\User\Desktop\registrybooster.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
G:\OTL\cmd.bat deleted successfully.
G:\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 30921411 bytes
->Temporary Internet Files folder emptied: 133459690 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 43381386 bytes
->Flash cache emptied: 1981 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59734 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 198.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11032011_120741

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VJCTK1QK\ads[1].htm moved successfully.
C:\Users\User\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VJCTK1QK\ads[2].htm moved successfully.
C:\Users\User\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VJCTK1QK\ads[3].htm moved successfully.
C:\Users\User\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VJCTK1QK\page__gopid__2076516[1].htm moved successfully.
C:\Users\User\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\AT7J37D8\fastbutton[1].htm moved successfully.
C:\Users\User\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\34K0DTEN\ads[1].htm moved successfully.
C:\Users\User\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\34K0DTEN\si[1].htm moved successfully.
C:\Users\User\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

otl scan log
OTL logfile created on: 11/3/2011 12:23:50 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = G:\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 241.64 Mb Available Physical Memory | 25.23% Memory free
2.13 Gb Paging File | 1.00 Gb Available in Paging File | 46.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59.17 Gb Total Space | 29.84 Gb Free Space | 50.43% Space Free | Partition Type: NTFS
Drive D: | 45.48 Gb Total Space | 45.09 Gb Free Space | 99.14% Space Free | Partition Type: NTFS
Drive F: | 6.85 Gb Total Space | 0.87 Gb Free Space | 12.63% Space Free | Partition Type: NTFS
Drive G: | 7.40 Gb Total Space | 7.26 Gb Free Space | 98.08% Space Free | Partition Type: FAT32

Computer Name: JOEBROPHY | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/24 19:22:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\OTL\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/28 20:04:38 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/05/02 00:53:18 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/01/07 22:09:30 | 002,530,671 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\adb.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 20:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 21:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006/10/10 20:44:10 | 000,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe

========== Modules (No Company Name) ==========

MOD - [2011/01/07 22:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/07 22:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/07 22:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/07 22:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/01/07 22:09:30 | 002,530,671 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\adb.exe
MOD - [2006/12/18 15:52:25 | 000,098,339 | ---- | M] () -- C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\FrExt.dll
MOD - [2006/12/18 15:52:24 | 000,151,589 | ---- | M] () -- C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\bwfiles.dll
MOD - [2006/12/18 15:52:24 | 000,061,496 | ---- | M] () -- C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\clntutil.dll
MOD - [2006/12/18 15:52:21 | 000,135,168 | ---- | M] () -- C:\Program Files\HP Connections\6811507\Program\HPClientExt.dll
MOD - [2006/11/24 19:34:20 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2006/11/24 19:34:04 | 000,233,573 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2006/11/24 19:34:04 | 000,114,783 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2006/11/24 19:34:04 | 000,032,768 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2006/11/24 19:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2008/01/29 20:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 21:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 21:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/26 13:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/01/18 16:39:06 | 000,003,200 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2006/12/07 00:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/18 15:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/09/15 04:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 13:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.philadelphiaeagles.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\

O1 HOSTS File: ([2011/11/03 12:07:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24E73B9-E452-4298-A409-623AC28A134F}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/18 15:58:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - F:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/11/03 12:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/11/03 12:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/03 12:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/11/01 02:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/01 01:47:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011/11/01 01:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 01:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/01 01:46:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/01 01:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/01 01:46:03 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/01 01:45:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PackageAware
[2011/10/30 17:27:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/30 17:12:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/30 17:12:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/30 17:12:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/30 17:12:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/30 17:11:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/30 17:11:06 | 004,278,520 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2011/10/24 14:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/18 12:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\VitalSource Bookshelf

========== Files - Modified Within 30 Days ==========

[2011/11/03 12:19:16 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4232943091-3845391729-3869957007-1000UA.job
[2011/11/03 12:19:11 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/03 12:19:11 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/03 12:12:54 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/11/03 12:12:34 | 000,012,978 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2011/11/03 12:12:14 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/03 12:11:49 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 12:11:49 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 12:11:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/03 12:11:36 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/03 12:10:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/03 12:07:57 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/03 11:58:49 | 000,012,978 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2011/11/03 11:50:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/01 22:14:56 | 000,869,194 | ---- | M] () -- C:\Users\User\Desktop\SecurityCheck.exe
[2011/11/01 01:46:53 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/01 01:46:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/30 17:11:20 | 004,278,520 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2011/10/27 15:21:50 | 000,002,627 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
[2011/10/27 00:21:52 | 000,002,037 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2011/10/19 13:02:47 | 000,491,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/17 18:50:09 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2011/10/13 19:40:49 | 000,011,929 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate

========== Files Created - No Company Name ==========

[2011/11/01 22:13:58 | 000,869,194 | ---- | C] () -- C:\Users\User\Desktop\SecurityCheck.exe
[2011/11/01 01:46:53 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/30 17:12:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/30 17:12:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/30 17:12:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/30 17:12:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/30 17:12:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/24 13:48:23 | 1005,174,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/13 19:35:22 | 000,011,929 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/08/09 22:22:36 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2011/08/09 14:21:21 | 000,130,806 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/08/09 14:20:23 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011/04/16 17:16:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/16 17:15:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/04/16 11:26:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/04/14 23:42:23 | 000,005,120 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 21:25:12 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/04/13 21:25:12 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/04/13 21:25:12 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/04/13 21:25:12 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/04/13 21:25:12 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/04/06 22:33:47 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/04/06 22:33:47 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/04/06 22:33:47 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/04/06 22:33:47 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/04/06 22:33:46 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/04/06 22:33:46 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/04/06 22:33:46 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/04/06 22:33:46 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/04/06 22:33:46 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/04/06 22:33:46 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/04/06 22:33:46 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/04/06 22:33:46 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/04/06 22:33:46 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/04/06 22:33:46 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/04/06 22:33:46 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/04/06 22:33:46 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/04/06 21:38:51 | 000,000,010 | ---- | C] () -- C:\Windows\WinInit.ini
[2011/04/01 21:32:36 | 000,012,978 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2011/04/01 21:28:49 | 000,012,978 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2010/01/18 16:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/12/18 14:49:30 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,491,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 03:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 03:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2011/04/27 21:15:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Avery
[2011/06/15 12:21:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HTC
[2011/04/24 23:56:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/04/09 19:02:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WildTangent
[2011/11/03 12:10:27 | 000,026,724 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/09/30 17:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/09/30 17:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/09/30 17:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/30 19:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/30 19:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/10/30 19:55:34 | 000,000,004 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2011/10/30 19:55:34 | 000,027,404 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Local State
[2011/10/24 14:29:36 | 006,939,628 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/10/18 12:00:21 | 001,975,609 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/10/24 14:29:35 | 000,293,988 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2011/09/25 20:09:47 | 000,053,248 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/09/25 20:11:55 | 000,000,757 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/09/25 20:11:55 | 000,000,757 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/10/30 19:55:26 | 000,034,816 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/10/30 19:55:34 | 000,001,336 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/10/30 19:55:34 | 000,000,826 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2011/10/24 14:28:14 | 000,045,056 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/10/30 19:55:34 | 000,286,720 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\History
[2011/09/26 14:43:26 | 000,536,576 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-09
[2011/10/30 19:55:34 | 000,061,440 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-10
[2011/10/30 19:55:34 | 000,003,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2011/10/24 14:51:16 | 000,021,494 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/10/24 14:51:59 | 000,011,502 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/09/26 00:35:44 | 000,012,288 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/10/30 19:55:34 | 000,018,478 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/09/25 20:59:40 | 000,013,312 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2011/10/30 19:55:12 | 000,053,248 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/10/30 19:55:34 | 000,131,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/10/30 19:54:56 | 000,073,728 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/09/25 20:59:10 | 000,173,056 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Index
[2011/09/25 22:24:33 | 000,045,056 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_0
[2011/09/25 22:24:33 | 000,532,480 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_1
[2011/09/25 22:24:33 | 001,056,768 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_2
[2011/09/25 22:24:33 | 008,396,800 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_3
[2011/09/25 20:58:36 | 000,170,215 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000001
[2011/09/25 20:58:37 | 000,089,685 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000002
[2011/09/25 20:58:37 | 000,054,305 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000003
[2011/09/25 20:58:37 | 000,038,830 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000004
[2011/09/25 20:58:37 | 000,018,032 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000005
[2011/09/25 20:58:38 | 000,021,616 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000006
[2011/09/25 20:58:38 | 000,539,122 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000007
[2011/09/25 20:58:38 | 000,023,916 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000008
[2011/09/25 20:58:38 | 000,055,748 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000009
[2011/09/25 20:58:38 | 000,319,724 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00000a
[2011/09/25 20:58:38 | 000,273,534 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00000b
[2011/09/25 20:58:38 | 000,019,929 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00000c
[2011/09/25 20:58:38 | 000,216,019 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00000d
[2011/09/25 20:58:38 | 000,064,734 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00000e
[2011/09/25 20:58:38 | 000,018,675 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00000f
[2011/09/25 20:58:39 | 000,018,870 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000010
[2011/09/25 20:58:39 | 000,096,312 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000011
[2011/09/25 20:58:39 | 000,060,846 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000012
[2011/09/25 20:58:39 | 000,040,440 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000013
[2011/09/25 20:58:40 | 000,025,225 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000014
[2011/09/25 20:58:40 | 000,065,930 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000015
[2011/09/25 20:58:41 | 001,136,051 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000016
[2011/09/25 20:58:42 | 000,035,083 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000017
[2011/09/25 20:58:45 | 000,620,945 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000018
[2011/09/25 20:58:45 | 000,055,555 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000019
[2011/09/25 20:58:47 | 000,051,474 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00001a
[2011/09/25 20:58:49 | 000,735,236 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00001b
[2011/09/25 20:58:49 | 000,651,099 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00001c
[2011/09/25 20:58:49 | 000,063,887 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00001d
[2011/09/25 20:58:49 | 000,448,927 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00001e
[2011/09/25 20:58:49 | 000,282,535 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00001f
[2011/09/25 20:58:50 | 000,064,261 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000020
[2011/09/25 20:58:50 | 000,650,101 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000021
[2011/09/25 20:58:54 | 000,027,287 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000022
[2011/09/25 20:58:54 | 000,021,325 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000023
[2011/09/25 20:58:54 | 000,024,494 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000024
[2011/09/25 20:58:55 | 000,049,680 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000025
[2011/09/25 20:58:55 | 000,252,656 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000026
[2011/09/25 20:58:55 | 000,635,647 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000027
[2011/09/25 20:58:55 | 000,054,217 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000028
[2011/09/25 20:58:56 | 000,111,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000029
[2011/09/25 20:58:56 | 000,017,363 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00002a
[2011/09/25 20:58:57 | 000,208,104 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00002b
[2011/09/25 20:58:57 | 000,370,598 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00002c
[2011/09/25 20:58:57 | 000,114,932 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00002d
[2011/09/25 20:58:58 | 000,487,507 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00002e
[2011/09/25 20:58:58 | 000,070,877 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00002f
[2011/09/25 20:58:58 | 000,450,288 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000030
[2011/09/25 20:58:58 | 000,019,614 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000031
[2011/09/25 20:58:58 | 000,019,659 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000032
[2011/09/25 20:58:58 | 000,072,798 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000033
[2011/09/25 20:58:59 | 000,547,581 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000034
[2011/09/25 20:58:59 | 000,229,707 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000035
[2011/09/25 20:58:59 | 000,123,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000036
[2011/09/25 20:58:59 | 000,140,269 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000037
[2011/09/25 20:59:00 | 000,215,792 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000038
[2011/09/25 20:59:00 | 000,400,039 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000039
[2011/09/25 20:59:00 | 000,507,744 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00003a
[2011/09/25 20:59:00 | 000,071,662 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00003b
[2011/09/25 20:59:03 | 000,125,304 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00003c
[2011/09/25 20:59:03 | 000,389,565 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00003d
[2011/09/25 20:59:03 | 000,018,431 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00003e
[2011/09/25 20:59:03 | 000,019,549 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00003f
[2011/09/25 20:59:04 | 000,019,385 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000040
[2011/09/25 20:59:04 | 000,018,191 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000041
[2011/09/25 20:59:04 | 000,072,394 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000042
[2011/09/25 20:59:04 | 000,058,601 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000043
[2011/09/25 20:59:05 | 000,163,220 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000044
[2011/09/25 20:59:05 | 000,064,891 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000045
[2011/09/25 20:59:05 | 000,017,478 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000046
[2011/09/25 20:59:05 | 000,019,621 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000047
[2011/09/25 20:59:05 | 000,053,192 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000048
[2011/09/25 20:59:05 | 000,018,705 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000049
[2011/09/25 20:59:05 | 000,117,595 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00004a
[2011/09/25 20:59:05 | 000,054,576 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00004b
[2011/09/25 20:59:05 | 000,105,244 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00004c
[2011/09/25 20:59:05 | 000,020,050 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00004d
[2011/09/25 20:59:06 | 000,038,126 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00004e
[2011/09/25 20:59:06 | 000,115,289 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00004f
[2011/09/25 20:59:06 | 000,226,219 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000050
[2011/09/25 20:59:06 | 000,055,050 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000051
[2011/09/25 20:59:06 | 000,241,608 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000052
[2011/09/25 20:59:06 | 000,050,051 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000053
[2011/09/25 20:59:06 | 000,030,151 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000054
[2011/09/25 20:59:06 | 000,017,568 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000055
[2011/09/25 20:59:07 | 000,037,522 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000056
[2011/09/25 20:59:07 | 000,020,846 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000057
[2011/09/25 20:59:07 | 000,036,547 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000058
[2011/09/25 20:59:07 | 000,194,983 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000059
[2011/09/25 20:59:07 | 000,095,920 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00005a
[2011/09/25 20:59:07 | 000,075,943 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00005b
[2011/09/25 20:59:07 | 000,038,097 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00005c
[2011/09/25 20:59:07 | 000,226,267 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00005d
[2011/09/25 20:59:07 | 000,061,993 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00005e
[2011/09/25 20:59:08 | 000,018,306 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00005f
[2011/09/25 20:59:08 | 000,016,606 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000060
[2011/09/25 20:59:08 | 000,041,274 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000061
[2011/09/25 20:59:08 | 000,017,640 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000062
[2011/09/25 20:59:08 | 000,023,258 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000063
[2011/09/25 20:59:08 | 000,091,358 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000064
[2011/09/25 20:59:08 | 000,023,544 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000065
[2011/09/25 20:59:08 | 000,353,399 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000066
[2011/09/25 20:59:08 | 000,023,428 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000067
[2011/09/25 20:59:08 | 000,075,892 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000068
[2011/09/25 20:59:08 | 000,036,337 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_000069
[2011/09/25 20:59:08 | 000,085,702 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006a
[2011/09/25 20:59:09 | 000,564,889 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006b
[2011/09/25 20:59:09 | 000,656,407 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006c
[2011/09/25 20:59:09 | 000,029,419 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006d
[2011/09/25 20:59:09 | 000,019,314 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006e
[2011/09/25 20:59:10 | 000,056,781 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00006f
[2011/09/25 20:58:32 | 000,524,656 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\index
[2011/09/25 20:59:10 | 000,007,168 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2011/09/25 20:58:24 | 000,020,257 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\128.png
[2011/09/25 20:58:24 | 000,000,920 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\16.png
[2011/09/25 20:58:24 | 000,000,714 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\manifest.json
[2011/09/25 20:58:24 | 000,000,176 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\ar\messages.json
[2011/09/25 20:58:24 | 000,000,296 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\bg\messages.json
[2011/09/25 20:58:24 | 000,000,104 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\ca\messages.json
[2011/09/25 20:58:24 | 000,000,105 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\cs\messages.json
[2011/09/25 20:58:24 | 000,000,107 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\da\messages.json
[2011/09/25 20:58:24 | 000,000,106 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\de\messages.json
[2011/09/25 20:58:24 | 000,000,296 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\el\messages.json
[2011/09/25 20:58:24 | 000,000,093 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\en\messages.json
[2011/09/25 20:58:23 | 000,000,083 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\en-GB\messages.json
[2011/09/25 20:58:24 | 000,000,131 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\es\messages.json
[2011/09/25 20:58:23 | 000,000,102 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\es-419\messages.json
[2011/09/25 20:58:24 | 000,000,112 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\et\messages.json
[2011/09/25 20:58:24 | 000,000,100 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\fi\messages.json
[2011/09/25 20:58:24 | 000,000,103 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\fil\messages.json
[2011/09/25 20:58:24 | 000,000,131 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\fr\messages.json
[2011/09/25 20:58:24 | 000,000,092 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\hr\messages.json
[2011/09/25 20:58:24 | 000,000,114 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\hu\messages.json
[2011/09/25 20:58:24 | 000,000,089 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\id\messages.json
[2011/09/25 20:58:24 | 000,000,097 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\it\messages.json
[2011/09/25 20:58:23 | 000,000,096 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\iw\messages.json
[2011/09/25 20:58:24 | 000,000,179 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\ja\messages.json
[2011/09/25 20:58:24 | 000,000,182 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\ko\messages.json
[2011/09/25 20:58:24 | 000,000,121 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\lt\messages.json
[2011/09/25 20:58:24 | 000,000,113 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\lv\messages.json
[2011/09/25 20:58:24 | 000,000,090 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\nl\messages.json
[2011/09/25 20:58:23 | 000,000,083 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\no\messages.json
[2011/09/25 20:58:24 | 000,000,099 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\pl\messages.json
[2011/09/25 20:58:23 | 000,000,090 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\pt-BR\messages.json
[2011/09/25 20:58:23 | 000,000,087 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\pt-PT\messages.json
[2011/09/25 20:58:24 | 000,000,113 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\ro\messages.json
[2011/09/25 20:58:24 | 000,000,220 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\ru\messages.json
[2011/09/25 20:58:24 | 000,000,092 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\sk\messages.json
[2011/09/25 20:58:24 | 000,000,095 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\sl\messages.json
[2011/09/25 20:58:24 | 000,000,236 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\sr\messages.json
[2011/09/25 20:58:24 | 000,000,113 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\sv\messages.json
[2011/09/25 20:58:24 | 000,000,200 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\th\messages.json
[2011/09/25 20:58:24 | 000,000,113 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\tr\messages.json
[2011/09/25 20:58:25 | 000,000,254 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\uk\messages.json
[2011/09/25 20:58:25 | 000,000,176 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\vi\messages.json
[2011/09/25 20:58:24 | 000,000,085 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\zh-CN\messages.json
[2011/09/25 20:58:24 | 000,000,082 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\_locales\zh-TW\messages.json
[2011/09/25 21:37:40 | 000,004,096 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_chrome.angrybirds.com_0.localstorage
[2011/09/25 20:11:55 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-30 07:00:19

< >

< >

< >

< End of report >

everything seems to be ok at the moment I will post again if i notice any problems. do you recomend any good free antivirus programs?

#11
SweetTech

Posted 03 November 2011 - 10:49 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hello,

If you're looking for a free ant-virus program, then you may want to consider Microsoft Security Essentials.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox.
```
:Commands
[ClearAllRestorePoints]
```
Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.

Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for Chrome and Opera.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention.
PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

#12
SweetTech

Posted 15 November 2011 - 12:27 PM

Sir SpamAlot

Retired Staff
7,671 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.