Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System won't load search engines or virus updates [Closed]


  • This topic is locked This topic is locked

#1
Dave Swanson

Dave Swanson

    Member

  • Member
  • PipPip
  • 11 posts
Good day, weird issue for me, system works well in safe mode, but in normal mode will not load any search engine, or virus update. Have run Malwarebytes & Norton (manually updated) and appears clean but still doesn't work right. Here is my OTL log, I know I'm probably missing something simple...

Attached Files

  • Attached File  OTL.Txt   62.89KB   35 downloads

  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:


What issues are you currently experiencing with your computer?
  • 0

#3
Dave Swanson

Dave Swanson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is my OTL.txt and Extras.txt, still won't update antivirus, or load search engine websites, Thanks.

OTL logfile created on: 11/21/2011 3:38:29 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 44.30% Memory free
4.09 Gb Paging File | 3.08 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.78 Gb Total Space | 20.29 Gb Free Space | 18.32% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 1.00 Gb Free Space | 99.97% Space Free | Partition Type: FAT32
Drive F: | 3.72 Gb Total Space | 1.43 Gb Free Space | 38.53% Space Free | Partition Type: FAT32

Computer Name: CHERYL-PC | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/17 17:28:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/11/11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 10:11:34 | 000,065,808 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2008/06/10 10:13:58 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/06/05 16:07:52 | 000,256,512 | ---- | M] (SafeBoot International) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/06/02 10:06:56 | 000,112,400 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/06/02 10:06:50 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/05/15 14:11:12 | 001,176,824 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/04/21 12:27:58 | 000,349,432 | ---- | M] (Hewlett-Packard Ltd) [Disabled | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2008/04/18 06:54:02 | 000,354,840 | R--- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel®
SRV - [2008/04/14 05:39:34 | 000,576,536 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/04/08 05:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 00:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/05/15 15:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Disabled | Stopped] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/12/22 06:31:50 | 000,108,712 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - [2011/05/13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/02/27 14:51:40 | 000,171,400 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/02/27 14:51:36 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008/11/21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/09/16 13:18:32 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/06/05 16:08:44 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/06/05 16:08:42 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/06/05 16:08:40 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/06/05 16:08:38 | 000,109,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/15 12:29:32 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/04/09 14:05:00 | 000,032,256 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2008/02/13 12:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2008/01/20 19:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/19 08:05:14 | 000,061,680 | ---- | M] (Bsecure Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bsprotlh.sys -- (bsprotlh)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/26 12:44:08 | 000,007,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\BSINIT.sys -- (bsinit_svc)
DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3538991759-4008017233-308032027-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKU\S-1-5-21-3538991759-4008017233-308032027-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3538991759-4008017233-308032027-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 30 7D E9 86 A5 CC 01 [binary data]
IE - HKU\S-1-5-21-3538991759-4008017233-308032027-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/09/16 22:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Cheryl\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/01 17:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/17 16:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maureen\AppData\Roaming\Mozilla\Extensions
[2011/11/01 17:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/25 12:11:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/08 11:54:13 | 000,437,362 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15069 more lines...
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKU\S-1-5-21-3538991759-4008017233-308032027-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3538991759-4008017233-308032027-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.111.1 192.168.111.1 192.168.111.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92D28D5C-63AE-47EE-BDF1-4FC3A2BC342F}: DhcpNameServer = 192.168.111.1 192.168.111.1 192.168.111.1
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) -C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) -C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (APSHook.dll) -C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 16:46:57 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Mozilla
[2011/11/17 16:46:57 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Mozilla
[2011/11/16 14:47:30 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Malwarebytes
[2011/11/16 12:31:26 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/10 19:10:11 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Tracing
[2011/11/10 14:55:22 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Macromedia
[2011/11/10 14:55:14 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Adobe
[2011/11/10 14:51:27 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Sierra Wireless
[2011/11/10 14:50:55 | 000,000,000 | R--D | C] -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/10 14:50:55 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Searches
[2011/11/10 14:50:55 | 000,000,000 | R--D | C] -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/10 14:50:43 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Identities
[2011/11/10 14:50:41 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Contacts
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\AppData\Local\Temporary Internet Files
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\Templates
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\Start Menu
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\SendTo
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\Recent
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\PrintHood
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\NetHood
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\Documents\My Videos
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\Documents\My Pictures
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\Documents\My Music
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\My Documents
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\Local Settings
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\AppData\Local\History
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\Cookies
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\Application Data
[2011/11/10 14:49:26 | 000,000,000 | -HSD | C] -- C:\Users\Maureen\AppData\Local\Application Data
[2011/11/10 14:49:25 | 000,000,000 | --SD | C] -- C:\Users\Maureen\AppData\Roaming\Microsoft
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Videos
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Saved Games
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Pictures
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Music
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Links
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Favorites
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Downloads
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Documents
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\Desktop
[2011/11/10 14:49:25 | 000,000,000 | R--D | C] -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/10 14:49:25 | 000,000,000 | -H-D | C] -- C:\Users\Maureen\AppData
[2011/11/10 14:49:25 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\temp
[2011/11/10 14:49:25 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Microsoft Help
[2011/11/10 14:49:25 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Local\Microsoft
[2011/11/10 14:49:25 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\hpqLog
[2011/11/04 16:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/04 16:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/04 16:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/03 09:55:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/03 09:48:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/01 17:36:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/01 17:36:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/01 17:36:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/01 17:36:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/01 17:34:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/01 16:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/10/31 17:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/25 15:25:52 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/10/25 15:25:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/10/25 14:39:22 | 000,000,000 | ---D | C] -- C:\Windows\QLB
[2011/10/25 14:22:13 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/10/25 14:22:06 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/10/25 14:22:05 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/10/25 14:21:59 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/10/24 13:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/24 13:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 15:22:53 | 000,646,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 15:22:53 | 000,121,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 15:21:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 13:51:07 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 13:51:07 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 17:09:40 | 2073,321,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/17 17:08:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/17 16:20:41 | 000,000,680 | ---- | M] () -- C:\Users\Maureen\AppData\Local\d3d9caps.dat
[2011/11/16 10:59:27 | 000,041,580 | ---- | M] () -- C:\Users\Maureen\Documents\cc_20111116_105920.reg
[2011/11/10 19:28:22 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/11/10 19:28:22 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/11/10 14:54:22 | 000,000,943 | ---- | M] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/08 11:54:13 | 000,437,362 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/07 12:34:04 | 000,437,362 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111108-115413.backup
[2011/11/03 09:48:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111107-123404.backup
[2011/11/01 17:20:24 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/01 16:48:27 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/25 15:01:21 | 000,486,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/25 14:40:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/17 16:28:26 | 2073,321,472 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/16 16:44:17 | 000,000,680 | ---- | C] () -- C:\Users\Maureen\AppData\Local\d3d9caps.dat
[2011/11/16 10:59:23 | 000,041,580 | ---- | C] () -- C:\Users\Maureen\Documents\cc_20111116_105920.reg
[2011/11/10 19:27:59 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/11/10 19:27:59 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/11/10 14:54:22 | 000,000,943 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/10 14:51:04 | 000,000,949 | ---- | C] () -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/11/10 14:50:52 | 000,000,944 | ---- | C] () -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/10 14:50:40 | 000,000,915 | ---- | C] () -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/11/10 14:49:25 | 000,000,258 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/10 14:49:25 | 000,000,240 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/01 17:36:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/01 17:36:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/01 17:36:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/01 17:36:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/01 17:36:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/01 17:20:24 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/01 17:20:24 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/25 14:40:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2011/01/11 00:19:29 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/01/11 00:19:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/01/11 00:19:29 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/01/11 00:19:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/01/11 00:19:29 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/01/11 00:19:29 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/01/11 00:19:29 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/01/11 00:19:29 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/01/11 00:19:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/01/11 00:19:29 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/01/11 00:19:29 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/01/11 00:19:29 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/01/11 00:19:29 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/01/11 00:19:29 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/01/11 00:19:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/01/11 00:19:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/12/10 18:44:56 | 000,468,269 | ---- | C] () -- C:\Windows\hphins33.dat.temp
[2009/12/10 18:44:56 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat.temp
[2009/09/16 22:00:27 | 000,157,656 | ---- | C] () -- C:\Windows\hphins33.dat
[2009/06/25 15:54:12 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2009/06/25 15:54:11 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2009/06/23 07:10:17 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/23 07:09:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/23 07:08:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/23 07:08:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/22 02:32:14 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2009/03/26 15:22:56 | 000,007,400 | ---- | C] () -- C:\Windows\System32\drivers\BSINIT.sys
[2009/03/11 13:46:43 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/03/09 21:51:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/03/09 15:47:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/03/09 15:47:17 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/03/09 15:47:17 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/03/09 15:47:17 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/03/09 15:47:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/03/09 15:47:16 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/03/09 15:15:56 | 000,000,571 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009/03/09 15:10:42 | 002,144,744 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/03/09 15:10:42 | 000,469,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/03/09 15:10:42 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1488.dll
[2009/03/09 15:10:42 | 000,100,900 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/03/09 15:09:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/09/16 13:18:32 | 000,026,888 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/06/05 16:08:38 | 000,109,184 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2008/04/21 10:43:54 | 000,294,912 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2006/11/02 05:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:43 | 000,486,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,646,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,121,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/04/03 20:30:00 | 000,110,592 | ---- | C] () -- C:\Windows\System32\scardsyn.dll
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/05/07 01:10:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 11/21/2011 3:38:29 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 44.30% Memory free
4.09 Gb Paging File | 3.08 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.78 Gb Total Space | 20.29 Gb Free Space | 18.32% Space Free | Partition Type: NTFS
Drive D: | 1.00 Gb Total Space | 1.00 Gb Free Space | 99.97% Space Free | Partition Type: FAT32
Drive F: | 3.72 Gb Total Space | 1.43 Gb Free Space | 38.53% Space Free | Partition Type: FAT32

Computer Name: CHERYL-PC | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3538991759-4008017233-308032027-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra Wireless Inc\Watcher\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Sierra Wireless Inc\Watcher\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0888A0A5-A0CC-4079-B16C-02E3D0C44CDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F4A98EA-7E58-400D-AB1C-BB46D5C72F86}" = lport=445 | protocol=6 | dir=in | app=system |
"{33E3D512-875F-4F46-B667-35EFAD40948A}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E0A3D00-2CD1-402D-B2D2-B0F77CF6166F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A431B07-4568-49BD-9F00-EC4BC4A20CA9}" = rport=137 | protocol=17 | dir=out | app=system |
"{AF890E49-654E-41FE-B56D-DCBD67A3D13B}" = rport=138 | protocol=17 | dir=out | app=system |
"{CEA09407-98CB-424F-87A1-8CF11E0B6332}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EB900985-EF83-4820-A241-2A8097038E31}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EBA37E7C-2F9D-44CB-A16A-1AD5084C0E82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EEF8C286-7D44-4FFD-8B01-6D2ACD5F89D8}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0AD3785-9E8E-443E-BABF-EDCE1965F9DE}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0CE46FD-F4E3-4602-A751-F93C3035EE6E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F44D6C8E-10FB-451F-BD49-8DF88AE59A46}" = lport=137 | protocol=17 | dir=in | app=system |
"{F779F076-2303-4F4B-A240-543DB16CDBCF}" = lport=138 | protocol=17 | dir=in | app=system |
"{F7BE36AE-884D-49E1-B9F8-F984F169E1F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0200B1D9-238D-42C5-AAE0-F8030F53877C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{02324936-BD9F-42D2-93ED-1B175D1FE903}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{07BCC7BD-52A8-4995-B2BB-74AE5D0634B2}" = protocol=58 | dir=in | [email protected],-28545 |
"{0E5CC987-F676-4336-A201-506F61D0CB06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{0F0E6A99-1A6F-4045-8A1B-A24961481F40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{0F18CFFC-58EC-4054-843A-87610EF8B1BC}" = protocol=58 | dir=out | [email protected],-28546 |
"{1A1E88F7-0869-4821-8095-D0B8DBE7D447}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1B383235-F17C-4103-8054-C63548DFCC03}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2D60F119-A177-499C-B27C-C9E4A71EA20B}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{40E9143C-FD20-410A-A8A6-48D536F71DA6}" = protocol=1 | dir=in | [email protected],-28543 |
"{4CF2C8D8-44E9-44D2-A58A-6FEB3ABCC08F}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{505377ED-2DF1-4DAA-82A3-7FE88D28E363}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{53599CD6-73BC-4290-BE18-3A231EB3AF04}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{5A50CD88-E66B-4DBE-857D-6D06C4AD7A49}" = protocol=1 | dir=out | [email protected],-28544 |
"{606107EF-5E02-4FB9-8C2D-7F835DC1AEFF}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{64F689DF-F270-4EEC-B89E-2ED17924EC48}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{6E2B80CA-360B-4A92-B55B-0875DA19D194}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7B550F7F-192B-4B90-B27D-7FB5C25DFE11}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7E587B3B-5452-4607-B021-0F66414DAC81}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{8A6BE5F8-8E13-4218-BEDC-5305C1056D2F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{91847F3C-DA5D-4993-A431-59372D8C6E19}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{947B476A-474E-40BF-B084-ADB0F689D485}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{970A2CC0-1E28-480C-9F2C-EB69E5C167FF}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{97994F1B-8F66-43F9-AE2C-7C28CFCB4938}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9E2F0EEF-08F9-4080-ABCD-4ACC8F0AC4FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A156CE43-0AD8-416F-B337-9A0067A66083}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A6F271DF-A55B-41FF-BED6-03AD16E35B82}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ADF49E65-3055-45E0-B42F-83FAD07366C7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{AECA0074-D8B4-43D0-B02C-DD3CDFB532D9}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B590482E-747A-4C02-BA79-BAB87E53E293}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B6E202D8-E063-4FDE-B0C3-9EB1DBE9F253}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{CB6AD9A2-7853-4B29-8853-4337BD480FB6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D06E69C0-4A46-469B-8603-3A71BEB7DAAE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D159997D-D97A-4A0B-B453-40005ED6AAFA}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{DA0CBD51-17BF-479C-992B-223E23C86403}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E85D2470-98BF-4280-979F-CB1014725CA9}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{FA27CDB6-C80A-44A2-B2E7-079C848E2937}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{FA4ACB20-97FC-43D5-ADE3-7F7553176C3A}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{48DC0314-8310-4D35-B52D-878B5255F26A}" = HP JavaCard for HP ProtectTools
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{4F0F82CF-F03A-4681-8606-C4FB3AE30E3A}" = Adobe Photoshop Elements 5.0.2 Patcher
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{583C712B-884A-424A-9DAC-F169C73FB275}" = Credential Manager for HP ProtectTools
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{63C8FE88-478F-4E14-ADD0-B55227CC3234}" = Personalize Your PC
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{819F6BAD-35DA-4094-BCE6-F57AACE116D1}" = ESU for Microsoft Vista SP1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8595812B-9104-4196-B629-FD298D819399}" = HP User Guides 0097
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{983980FC-66FB-4ECC-A5D8-4565BE217733}" = SCR3xxx Smart Card Reader
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9CDB5063-D699-42BA-9135-7B8C4ECAC856}" = BIOS Configuration for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C1D11949-25D7-4C0F-AA72-7759FD8A089B}" = Sierra Wireless Watcher
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C43F0316-CAA1-45C3-AAA7-B2E52D7AE8CA}" = HP ProtectTools Security Manager
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC [email protected]
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB05CD66-D5EC-4B2A-8C6C-D434133323F4}" = Drive Encryption for HP ProtectTools
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99461}" = AuthenTec Fingerprint System
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"BookSmart® 2.5.1 2.5.1" = BookSmart® 2.5.1 2.5.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FrostWire" = FrostWire 4.21.8
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InetCntrl" = D-Link SecureSpot Thin Client
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"PDF Complete" = PDF Complete
"PROHYBRIDR" = 2007 Microsoft Office system
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2011 5:44:40 PM | Computer Name = Cheryl-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/16/2011 7:13:36 PM | Computer Name = Cheryl-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/16/2011 7:35:15 PM | Computer Name = Cheryl-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/16/2011 7:43:04 PM | Computer Name = Cheryl-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/16/2011 7:44:14 PM | Computer Name = Cheryl-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/17/2011 7:09:56 PM | Computer Name = Cheryl-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/17/2011 7:10:05 PM | Computer Name = Cheryl-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/17/2011 7:14:02 PM | Computer Name = Cheryl-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/17/2011 7:29:59 PM | Computer Name = Cheryl-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/17/2011 8:11:12 PM | Computer Name = Cheryl-PC | Source = WinMgmt | ID = 10
Description =

[ Credential Manager Events ]
Error - 7/8/2011 5:18:25 AM | Computer Name = Cheryl-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 7/8/2011 5:18:25 AM | Computer Name = Cheryl-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/8/2011 5:18:34 AM | Computer Name = Cheryl-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 7/8/2011 5:18:34 AM | Computer Name = Cheryl-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/8/2011 5:19:22 AM | Computer Name = Cheryl-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/8/2011 5:19:22 AM | Computer Name = Cheryl-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 7/8/2011 5:22:13 AM | Computer Name = Cheryl-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/8/2011 5:22:13 AM | Computer Name = Cheryl-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 7/8/2011 5:22:29 AM | Computer Name = Cheryl-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 7/8/2011 5:22:29 AM | Computer Name = Cheryl-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ System Events ]
Error - 11/18/2011 2:43:57 PM | Computer Name = Cheryl-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/18/2011 6:04:48 PM | Computer Name = Cheryl-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 11/18/2011 6:53:27 PM | Computer Name = Cheryl-PC | Source = bowser | ID = 8003
Description =

Error - 11/18/2011 7:11:56 PM | Computer Name = Cheryl-PC | Source = bowser | ID = 8003
Description =

Error - 11/18/2011 7:17:12 PM | Computer Name = Cheryl-PC | Source = bowser | ID = 8003
Description =

Error - 11/18/2011 7:29:12 PM | Computer Name = Cheryl-PC | Source = bowser | ID = 8003
Description =

Error - 11/19/2011 1:51:57 PM | Computer Name = Cheryl-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 11/21/2011 6:21:35 PM | Computer Name = Cheryl-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 11/21/2011 6:22:43 PM | Computer Name = Cheryl-PC | Source = bowser | ID = 8003
Description =

Error - 11/21/2011 6:25:38 PM | Computer Name = Cheryl-PC | Source = bowser | ID = 8003
Description =


< End of report >

Attached Files

  • Attached File  gmer.txt   810.06KB   45 downloads

  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening!

From your logs I can see that TDSSKiller was run as well as ComboFix.

Can you please post those log files for me to review?

You can find the TDSSKiller and ComboFix log files in your C:\ drive.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O3 - HKU\S-1-5-21-3538991759-4008017233-308032027-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
    [2011/11/07 12:34:04 | 000,437,362 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111108-115413.backup
    [2011/11/03 09:48:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111107-123404.backup
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0

#5
Dave Swanson

Dave Swanson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL Fix log

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
Error: Unable to interpret <:OTLIE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found> in the current context!
Error: Unable to interpret <O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-3538991759-4008017233-308032027-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)> in the current context!
Error: Unable to interpret <O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)> in the current context!
Error: Unable to interpret <[2011/11/07 12:34:04 | 000,437,362 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111108-115413.backup> in the current context!
Error: Unable to interpret <[2011/11/03 09:48:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111107-123404.backup> in the current context!
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYFLASH]

User: All Users

User: Cheryl
->Flash cache emptied: 1067 bytes

User: Default

User: Default User

User: Guest

User: Maureen
->Flash cache emptied: 2412 bytes

User: Mom & Dad
->Flash cache emptied: 749 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11222011_110624

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ComboFix 11-11-01.04 - Cheryl 11/01/2011 18:39:54.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1976.798 [GMT -6:00]
Running from: F:\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\1.bat
c:\program files\Fast Browser Search\about.html
c:\program files\Fast Browser Search\affid.dat
c:\program files\Fast Browser Search\basis.xml
c:\program files\Fast Browser Search\basis_br.xml
c:\program files\Fast Browser Search\basis_de.xml
c:\program files\Fast Browser Search\basis_en.xml
c:\program files\Fast Browser Search\basis_es.xml
c:\program files\Fast Browser Search\basis_fr.xml
c:\program files\Fast Browser Search\basis_it.xml
c:\program files\Fast Browser Search\basis_nr.xml
c:\program files\Fast Browser Search\basis_pt.xml
c:\program files\Fast Browser Search\basis_ru.xml
c:\program files\Fast Browser Search\basis_tr.xml
c:\program files\Fast Browser Search\BHO.dll
c:\program files\Fast Browser Search\ClearRecycleBin.exe
c:\program files\Fast Browser Search\error.html
c:\program files\Fast Browser Search\fbsProtection.xml
c:\program files\Fast Browser Search\FbsSearchProvider.xml
c:\program files\Fast Browser Search\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\FBStoolbar.dll
c:\program files\Fast Browser Search\fbstoolbar.jar
c:\program files\Fast Browser Search\fbstoolbar.manifest
c:\program files\Fast Browser Search\icons.bmp
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FBStoolbar.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\ie3sh.exe
c:\program files\Fast Browser Search\info.txt
c:\program files\Fast Browser Search\local.xml
c:\program files\Fast Browser Search\logobg.bmp
c:\program files\Fast Browser Search\MTWB3SH.dll
c:\program files\Fast Browser Search\MTWBtoolbar.html
c:\program files\Fast Browser Search\search.bmp
c:\program files\Fast Browser Search\search_br.bmp
c:\program files\Fast Browser Search\search_de.bmp
c:\program files\Fast Browser Search\search_es.bmp
c:\program files\Fast Browser Search\search_fr.bmp
c:\program files\Fast Browser Search\search_it.bmp
c:\program files\Fast Browser Search\search_pt.bmp
c:\program files\Fast Browser Search\search_ru.bmp
c:\program files\Fast Browser Search\SearchAssistant.dll
c:\program files\Fast Browser Search\SearchGuardPlus.ico
c:\program files\Fast Browser Search\SGPU.ico
c:\program files\Fast Browser Search\uninstall.exe
c:\program files\Fast Browser Search\uninstalSGP.exe
c:\program files\Fast Browser Search\uninstalSGPU.exe
c:\program files\Fast Browser Search\version.txt
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtectionI.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\SGPSA
.
.
((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-02 00:57 . 2011-11-03 16:48 -------- d-----w- c:\users\Cheryl\AppData\Local\temp
2011-11-02 00:57 . 2011-11-02 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-02 00:57 . 2011-11-02 00:57 -------- d-----w- c:\users\Mom & Dad\AppData\Local\temp
2011-11-02 00:57 . 2011-11-02 00:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-02 00:21 . 2011-11-02 00:21 -------- d-----w- c:\users\Cheryl\AppData\Local\Mozilla
2011-11-01 00:35 . 2011-11-01 00:35 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-01 00:35 . 2011-11-01 00:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-01 00:35 . 2011-11-01 00:35 -------- d-----w- c:\program files\Symantec
2011-11-01 00:34 . 2011-11-01 00:34 -------- d-----w- c:\windows\system32\drivers\NIS
2011-11-01 00:34 . 2011-11-01 00:34 -------- d-----w- c:\program files\Norton Internet Security
2011-10-28 20:11 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75F0A922-3DD7-41E0-8DF6-00EB2329C8D6}\mpengine.dll
2011-10-25 22:25 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-25 22:25 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-25 21:40 . 2011-10-25 21:40 -------- d-----w- c:\users\Default\AppData\Roaming\hpqLog
2011-10-25 21:39 . 2011-10-25 21:40 -------- d-----w- c:\windows\QLB
2011-10-25 21:22 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-25 21:22 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-25 21:22 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-25 21:22 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-25 21:22 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-25 21:21 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-24 20:44 . 2011-10-24 20:44 -------- d-----w- c:\program files\Trend Micro
2011-10-18 21:33 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-18 21:33 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-18 21:33 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-18 21:33 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-18 21:33 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-15 00:42 . 2011-10-15 00:42 -------- d-----w- c:\users\Cheryl\AppData\Local\Conduit
2011-10-15 00:41 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-15 00:41 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-15 00:41 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-15 00:41 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-15 00:22 . 2011-10-26 22:58 -------- d-----w- c:\users\Mom & Dad\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 23:00 . 2010-09-12 22:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 06:53 . 2011-11-02 00:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\Watcher\WaHelper.exe" [2009-04-20 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-04-21 17:48 69632 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-05-15 22:08 293168 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 13:29 67752 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2011-02-26 04:57 4772720 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-04 17:26 170520 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 19:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 20:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-18 13:53 178712 ----a-r- c:\program files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-04 17:27 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetCntrl]
2008-03-25 22:31 730416 ----a-w- c:\windows\System32\InetCntrl\InetCntrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 23:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 21:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2008-04-14 12:39 318488 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-04 17:26 141848 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-03-19 19:52 3842048 ----a-w- c:\program files\Analog Devices\SoundMAX\SoundMAX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-04-04 15:10 1314816 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-10 17:55 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-14 03:36 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRUUpdater]
2009-03-09 20:07 554264 ----a-w- c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 19:31 81920 ----a-w- c:\windows\System32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 18:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-23 23:23 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3538991759-4008017233-308032027-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2008-04-09 32256]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2008-04-21 349432]
R3 PAC207;PC [email protected];c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-04-14 576536]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1301010.003\SYMDS.SYS [2011-07-26 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1301010.003\SYMEFA.SYS [2011-07-29 897656]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx86.sys [2011-09-02 815736]
S1 bsprotlh;D-Link SecureSpot thin client;c:\windows\system32\DRIVERS\bsprotlh.sys [2007-09-19 61680]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1301010.003\ccSetx86.sys [2011-08-08 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVix86.sys [2011-07-21 368248]
S1 RsvLock;RsvLock; [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1301010.003\Ironx86.SYS [2011-07-26 149624]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1301010.003\SYMTDIV.SYS [2011-07-26 344184]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-15 1176824]
S2 bsinit_svc;bsinit_svc;c:\windows\System32\Drivers\BSINIT.sys [2007-02-26 7400]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-10 18944]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-06-05 256512]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 26168]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe [2011-08-10 138760]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-05-15 475520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-31 105592]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BSafeFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 23:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-01 c:\windows\Tasks\Norton Security Scan for Cheryl.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-02-01 14:06]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.111.1 192.168.111.1 192.168.111.1
FF - ProfilePath - c:\users\Cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\gniabx2b.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-AirCardEnabler - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 10:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.1.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3538991759-4008017233-308032027-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**ïÇbG]
"LP_LastUpdateTime"="1318976040"
"LP_LastCheckTime"=dword:4e9dfa2d
"LP_ReloadIntervalInHours"=dword:000002a0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5648)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-03 10:55:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-03 16:55
.
Pre-Run: 21,427,884,032 bytes free
Post-Run: 18,203,881,472 bytes free
.
- - End Of File - - D2670B3CFB0CBE28B4452838A7D882BF


12:29:26.0425 3808 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
12:29:27.0095 3808 ============================================================
12:29:27.0095 3808 Current date / time: 2011/11/16 12:29:27.0095
12:29:27.0095 3808 SystemInfo:
12:29:27.0095 3808
12:29:27.0095 3808 OS Version: 6.0.6002 ServicePack: 2.0
12:29:27.0095 3808 Product type: Workstation
12:29:27.0095 3808 ComputerName: CHERYL-PC
12:29:27.0095 3808 UserName: Maureen
12:29:27.0095 3808 Windows directory: C:\Windows
12:29:27.0095 3808 System windows directory: C:\Windows
12:29:27.0095 3808 Processor architecture: Intel x86
12:29:27.0095 3808 Number of processors: 2
12:29:27.0095 3808 Page size: 0x1000
12:29:27.0095 3808 Boot type: Normal boot
12:29:27.0095 3808 ============================================================
12:29:28.0047 3808 Initialize success
12:29:31.0385 1160 ============================================================
12:29:31.0385 1160 Scan started
12:29:31.0385 1160 Mode: Manual;
12:29:31.0385 1160 ============================================================
12:29:31.0994 1160 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
12:29:31.0994 1160 Accelerometer - ok
12:29:32.0197 1160 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:29:32.0197 1160 ACPI - ok
12:29:32.0384 1160 ADIHdAudAddService (364a903711e84eb1386fa04106681b7a) C:\Windows\system32\drivers\ADIHdAud.sys
12:29:32.0399 1160 ADIHdAudAddService - ok
12:29:32.0555 1160 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:29:32.0571 1160 adp94xx - ok
12:29:32.0758 1160 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:29:32.0758 1160 adpahci - ok
12:29:32.0805 1160 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:29:32.0805 1160 adpu160m - ok
12:29:32.0914 1160 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:29:32.0914 1160 adpu320 - ok
12:29:33.0101 1160 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
12:29:33.0101 1160 Afc - ok
12:29:33.0179 1160 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:29:33.0195 1160 AFD - ok
12:29:33.0351 1160 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\Windows\system32\DRIVERS\AGRSM.sys
12:29:33.0382 1160 AgereSoftModem - ok
12:29:33.0507 1160 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:29:33.0507 1160 agp440 - ok
12:29:33.0538 1160 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:29:33.0538 1160 aic78xx - ok
12:29:33.0569 1160 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
12:29:33.0569 1160 aliide - ok
12:29:33.0679 1160 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:29:33.0694 1160 amdagp - ok
12:29:33.0710 1160 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
12:29:33.0725 1160 amdide - ok
12:29:33.0835 1160 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:29:33.0835 1160 AmdK7 - ok
12:29:33.0866 1160 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
12:29:33.0866 1160 AmdK8 - ok
12:29:34.0037 1160 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:29:34.0037 1160 arc - ok
12:29:34.0069 1160 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:29:34.0069 1160 arcsas - ok
12:29:34.0240 1160 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:34.0240 1160 AsyncMac - ok
12:29:34.0287 1160 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:29:34.0287 1160 atapi - ok
12:29:34.0427 1160 ATSwpWDF (a9f9d1d24441889beb1aa2b917457e23) C:\Windows\system32\Drivers\ATSwpWDF.sys
12:29:34.0443 1160 ATSwpWDF - ok
12:29:34.0583 1160 b57nd60x (db76881f34e600fbb29bc3d7c854d056) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:29:34.0583 1160 b57nd60x - ok
12:29:34.0646 1160 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:29:34.0646 1160 Beep - ok
12:29:34.0864 1160 BHDrvx86 (378a5e067c170dc6046226ba61ff205f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx86.sys
12:29:34.0895 1160 BHDrvx86 - ok
12:29:35.0020 1160 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
12:29:35.0020 1160 blbdrive - ok
12:29:35.0161 1160 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:29:35.0161 1160 bowser - ok
12:29:35.0207 1160 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:29:35.0223 1160 BrFiltLo - ok
12:29:35.0317 1160 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:29:35.0317 1160 BrFiltUp - ok
12:29:35.0395 1160 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:29:35.0395 1160 Brserid - ok
12:29:35.0519 1160 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:29:35.0519 1160 BrSerWdm - ok
12:29:35.0566 1160 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:29:35.0566 1160 BrUsbMdm - ok
12:29:35.0597 1160 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:29:35.0613 1160 BrUsbSer - ok
12:29:35.0753 1160 BSafeFilter (3a5d367b6f2e3b1d0af93b4ad1b8073d) C:\Windows\system32\drivers\BSafFltr.sys
12:29:35.0753 1160 BSafeFilter - ok
12:29:35.0785 1160 bsinit_svc (e878c2f3f4ea0c7b2bd459f994eee9cb) C:\Windows\System32\Drivers\BSINIT.sys
12:29:35.0785 1160 bsinit_svc - ok
12:29:35.0909 1160 bsprotlh (0866ff32102348e1f1165a3c9b40dc34) C:\Windows\system32\DRIVERS\bsprotlh.sys
12:29:35.0909 1160 bsprotlh - ok
12:29:35.0972 1160 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
12:29:35.0972 1160 BthEnum - ok
12:29:36.0081 1160 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:29:36.0081 1160 BTHMODEM - ok
12:29:36.0143 1160 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
12:29:36.0143 1160 BthPan - ok
12:29:36.0268 1160 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
12:29:36.0268 1160 BTHPORT - ok
12:29:36.0299 1160 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
12:29:36.0299 1160 BTHUSB - ok
12:29:36.0424 1160 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys
12:29:36.0424 1160 btwaudio - ok
12:29:36.0455 1160 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
12:29:36.0471 1160 btwavdt - ok
12:29:36.0502 1160 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
12:29:36.0502 1160 btwrchid - ok
12:29:36.0533 1160 catchme - ok
12:29:36.0658 1160 ccSet_NIS (2b2f9b4a08190334a9c36446b208bae9) C:\Windows\system32\drivers\NIS\1301010.003\ccSetx86.sys
12:29:36.0658 1160 ccSet_NIS - ok
12:29:36.0721 1160 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:29:36.0721 1160 cdfs - ok
12:29:36.0830 1160 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:29:36.0830 1160 cdrom - ok
12:29:36.0877 1160 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
12:29:36.0877 1160 circlass - ok
12:29:36.0986 1160 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:29:37.0001 1160 CLFS - ok
12:29:37.0142 1160 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:29:37.0142 1160 CmBatt - ok
12:29:37.0173 1160 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
12:29:37.0173 1160 cmdide - ok
12:29:37.0329 1160 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:29:37.0329 1160 Compbatt - ok
12:29:37.0360 1160 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
12:29:37.0360 1160 crcdisk - ok
12:29:37.0391 1160 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
12:29:37.0391 1160 Crusoe - ok
12:29:37.0532 1160 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
12:29:37.0547 1160 CSC - ok
12:29:37.0594 1160 DAMDrv (8c527985b06ebb114fee21391bf58ec3) C:\Windows\system32\DRIVERS\DAMDrv.sys
12:29:37.0594 1160 DAMDrv - ok
12:29:37.0719 1160 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\Windows\system32\DRIVERS\emDevice.sys
12:29:37.0735 1160 DCamUSBEMPIA - ok
12:29:37.0797 1160 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:29:37.0797 1160 DfsC - ok
12:29:37.0984 1160 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:29:37.0984 1160 disk - ok
12:29:38.0109 1160 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
12:29:38.0109 1160 Dot4 - ok
12:29:38.0234 1160 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:29:38.0234 1160 Dot4Print - ok
12:29:38.0327 1160 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
12:29:38.0327 1160 dot4usb - ok
12:29:38.0499 1160 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:29:38.0499 1160 drmkaud - ok
12:29:38.0624 1160 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:29:38.0639 1160 DXGKrnl - ok
12:29:38.0733 1160 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:29:38.0733 1160 E1G60 - ok
12:29:38.0858 1160 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:29:38.0858 1160 Ecache - ok
12:29:38.0983 1160 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:29:38.0998 1160 eeCtrl - ok
12:29:39.0123 1160 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
12:29:39.0139 1160 elxstor - ok
12:29:39.0279 1160 emAudio (200da4f1964c11b3c19a07f937394624) C:\Windows\system32\drivers\emAudio.sys
12:29:39.0279 1160 emAudio - ok
12:29:39.0388 1160 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:29:39.0388 1160 EraserUtilRebootDrv - ok
12:29:39.0497 1160 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
12:29:39.0497 1160 ErrDev - ok
12:29:39.0607 1160 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:29:39.0607 1160 exfat - ok
12:29:39.0731 1160 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:29:39.0731 1160 fastfat - ok
12:29:39.0794 1160 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:29:39.0794 1160 fdc - ok
12:29:39.0903 1160 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:29:39.0903 1160 FileInfo - ok
12:29:39.0965 1160 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:29:39.0965 1160 Filetrace - ok
12:29:40.0028 1160 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\Windows\system32\DRIVERS\emFilter.sys
12:29:40.0028 1160 FiltUSBEMPIA - ok
12:29:40.0121 1160 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:29:40.0121 1160 flpydisk - ok
12:29:40.0184 1160 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:29:40.0199 1160 FltMgr - ok
12:29:40.0324 1160 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
12:29:40.0324 1160 fssfltr - ok
12:29:40.0418 1160 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:29:40.0418 1160 Fs_Rec - ok
12:29:40.0511 1160 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:29:40.0511 1160 gagp30kx - ok
12:29:40.0558 1160 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:29:40.0558 1160 GEARAspiWDM - ok
12:29:40.0636 1160 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys
12:29:40.0636 1160 HBtnKey - ok
12:29:40.0777 1160 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:29:40.0777 1160 HdAudAddService - ok
12:29:40.0855 1160 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:29:40.0870 1160 HDAudBus - ok
12:29:40.0964 1160 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
12:29:40.0964 1160 HidBth - ok
12:29:41.0042 1160 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:29:41.0042 1160 HidIr - ok
12:29:41.0104 1160 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:29:41.0104 1160 HidUsb - ok
12:29:41.0198 1160 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:29:41.0198 1160 HpCISSs - ok
12:29:41.0260 1160 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
12:29:41.0260 1160 hpdskflt - ok
12:29:41.0401 1160 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:29:41.0401 1160 HpqKbFiltr - ok
12:29:41.0494 1160 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:29:41.0494 1160 HTTP - ok
12:29:41.0572 1160 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:29:41.0588 1160 i2omp - ok
12:29:41.0697 1160 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:29:41.0713 1160 i8042prt - ok
12:29:41.0791 1160 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
12:29:41.0791 1160 iaStor - ok
12:29:41.0900 1160 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:29:41.0900 1160 iaStorV - ok
12:29:42.0087 1160 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVix86.sys
12:29:42.0103 1160 IDSVix86 - ok
12:29:42.0259 1160 igfx (91af302d7172502436c34d3678b74eee) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:29:42.0321 1160 igfx - ok
12:29:42.0430 1160 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:29:42.0430 1160 iirsp - ok
12:29:42.0461 1160 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:29:42.0477 1160 intelide - ok
12:29:42.0571 1160 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:29:42.0571 1160 intelppm - ok
12:29:42.0617 1160 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:29:42.0617 1160 IpFilterDriver - ok
12:29:42.0649 1160 IpInIp - ok
12:29:42.0695 1160 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:29:42.0695 1160 IPMIDRV - ok
12:29:42.0789 1160 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:29:42.0805 1160 IPNAT - ok
12:29:42.0836 1160 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:29:42.0836 1160 IRENUM - ok
12:29:42.0945 1160 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:29:42.0945 1160 isapnp - ok
12:29:43.0007 1160 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:29:43.0007 1160 iScsiPrt - ok
12:29:43.0117 1160 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:29:43.0117 1160 iteatapi - ok
12:29:43.0148 1160 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:29:43.0148 1160 iteraid - ok
12:29:43.0163 1160 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:29:43.0163 1160 kbdclass - ok
12:29:43.0288 1160 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:29:43.0288 1160 kbdhid - ok
12:29:43.0366 1160 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
12:29:43.0366 1160 KSecDD - ok
12:29:43.0507 1160 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:29:43.0522 1160 lltdio - ok
12:29:43.0569 1160 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:29:43.0569 1160 LSI_FC - ok
12:29:43.0600 1160 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:29:43.0600 1160 LSI_SAS - ok
12:29:43.0709 1160 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:29:43.0725 1160 LSI_SCSI - ok
12:29:43.0756 1160 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:29:43.0756 1160 luafv - ok
12:29:43.0881 1160 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
12:29:43.0881 1160 MarvinBus - ok
12:29:43.0928 1160 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:29:43.0928 1160 megasas - ok
12:29:44.0053 1160 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:29:44.0068 1160 MegaSR - ok
12:29:44.0115 1160 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:29:44.0115 1160 Modem - ok
12:29:44.0209 1160 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:29:44.0209 1160 monitor - ok
12:29:44.0287 1160 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
12:29:44.0287 1160 motmodem - ok
12:29:44.0380 1160 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:29:44.0396 1160 mouclass - ok
12:29:44.0411 1160 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:29:44.0411 1160 mouhid - ok
12:29:44.0427 1160 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:29:44.0443 1160 MountMgr - ok
12:29:44.0552 1160 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
12:29:44.0552 1160 mpio - ok
12:29:44.0583 1160 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:29:44.0599 1160 mpsdrv - ok
12:29:44.0723 1160 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:29:44.0723 1160 Mraid35x - ok
12:29:44.0786 1160 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:29:44.0786 1160 MRxDAV - ok
12:29:44.0911 1160 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:29:44.0911 1160 mrxsmb - ok
12:29:44.0973 1160 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:29:44.0973 1160 mrxsmb10 - ok
12:29:45.0145 1160 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:29:45.0145 1160 mrxsmb20 - ok
12:29:45.0223 1160 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
12:29:45.0238 1160 msahci - ok
12:29:45.0301 1160 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
12:29:45.0301 1160 msdsm - ok
12:29:45.0379 1160 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:29:45.0379 1160 Msfs - ok
12:29:45.0472 1160 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:29:45.0472 1160 msisadrv - ok
12:29:45.0550 1160 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:29:45.0550 1160 MSKSSRV - ok
12:29:45.0628 1160 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:29:45.0628 1160 MSPCLOCK - ok
12:29:45.0659 1160 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:29:45.0659 1160 MSPQM - ok
12:29:45.0722 1160 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:29:45.0737 1160 MsRPC - ok
12:29:45.0815 1160 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:29:45.0831 1160 mssmbios - ok
12:29:45.0862 1160 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:29:45.0862 1160 MSTEE - ok
12:29:45.0909 1160 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:29:45.0925 1160 Mup - ok
12:29:46.0049 1160 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:29:46.0049 1160 NativeWifiP - ok
12:29:46.0190 1160 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111031.002\NAVENG.SYS
12:29:46.0205 1160 NAVENG - ok
12:29:46.0283 1160 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111031.002\NAVEX15.SYS
12:29:46.0315 1160 NAVEX15 - ok
12:29:46.0455 1160 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:29:46.0455 1160 NDIS - ok
12:29:46.0502 1160 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:29:46.0502 1160 NdisTapi - ok
12:29:46.0580 1160 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:29:46.0595 1160 Ndisuio - ok
12:29:46.0642 1160 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:29:46.0642 1160 NdisWan - ok
12:29:46.0689 1160 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:29:46.0689 1160 NDProxy - ok
12:29:46.0783 1160 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:29:46.0783 1160 NetBIOS - ok
12:29:46.0845 1160 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:29:46.0845 1160 netbt - ok
12:29:47.0141 1160 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
12:29:47.0266 1160 NETw5v32 - ok
12:29:47.0375 1160 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:29:47.0375 1160 nfrd960 - ok
12:29:47.0438 1160 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:29:47.0438 1160 Npfs - ok
12:29:47.0563 1160 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:29:47.0563 1160 nsiproxy - ok
12:29:47.0641 1160 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:29:47.0672 1160 Ntfs - ok
12:29:47.0765 1160 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:29:47.0765 1160 ntrigdigi - ok
12:29:47.0921 1160 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
12:29:47.0921 1160 NuidFltr - ok
12:29:47.0953 1160 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:29:47.0968 1160 Null - ok
12:29:48.0093 1160 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
12:29:48.0093 1160 nvraid - ok
12:29:48.0124 1160 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:29:48.0124 1160 nvstor - ok
12:29:48.0155 1160 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
12:29:48.0171 1160 nv_agp - ok
12:29:48.0249 1160 NwlnkFlt - ok
12:29:48.0623 1160 NwlnkFwd - ok
12:29:48.0733 1160 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
12:29:48.0733 1160 ohci1394 - ok
12:29:48.0857 1160 PAC207 (4a410c7aea51123519c20d43a20bce96) C:\Windows\system32\DRIVERS\PFC027.SYS
12:29:48.0873 1160 PAC207 - ok
12:29:48.0951 1160 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
12:29:48.0951 1160 Parport - ok
12:29:49.0045 1160 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
12:29:49.0045 1160 partmgr - ok
12:29:49.0138 1160 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
12:29:49.0138 1160 Parvdm - ok
12:29:49.0232 1160 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:29:49.0232 1160 pci - ok
12:29:49.0310 1160 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:29:49.0310 1160 pciide - ok
12:29:49.0388 1160 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:29:49.0388 1160 pcmcia - ok
12:29:49.0544 1160 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:29:49.0575 1160 PEAUTH - ok
12:29:49.0778 1160 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:29:49.0778 1160 PptpMiniport - ok
12:29:49.0809 1160 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
12:29:49.0809 1160 Processor - ok
12:29:49.0856 1160 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:29:49.0871 1160 PSched - ok
12:29:49.0996 1160 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
12:29:49.0996 1160 PxHelp20 - ok
12:29:50.0090 1160 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:29:50.0105 1160 ql2300 - ok
12:29:50.0230 1160 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:29:50.0230 1160 ql40xx - ok
12:29:50.0277 1160 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:29:50.0277 1160 QWAVEdrv - ok
12:29:50.0308 1160 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:29:50.0308 1160 RasAcd - ok
12:29:50.0433 1160 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:29:50.0433 1160 Rasl2tp - ok
12:29:50.0495 1160 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:29:50.0495 1160 RasPppoe - ok
12:29:50.0589 1160 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:29:50.0589 1160 RasSstp - ok
12:29:50.0620 1160 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:29:50.0620 1160 rdbss - ok
12:29:50.0667 1160 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:29:50.0667 1160 RDPCDD - ok
12:29:50.0792 1160 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
12:29:50.0807 1160 rdpdr - ok
12:29:50.0839 1160 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:29:50.0839 1160 RDPENCDD - ok
12:29:50.0963 1160 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
12:29:50.0963 1160 RDPWD - ok
12:29:51.0041 1160 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
12:29:51.0057 1160 RFCOMM - ok
12:29:51.0166 1160 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
12:29:51.0182 1160 RimUsb - ok
12:29:51.0244 1160 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:29:51.0244 1160 rspndr - ok
12:29:51.0338 1160 RsvLock (c0ef0f85c03e57686973932b6e46b172) C:\Windows\system32\drivers\RsvLock.sys
12:29:51.0338 1160 RsvLock - ok
12:29:51.0369 1160 SafeBoot (b48c00f75e7afcd122abb2ad87dfd270) C:\Windows\system32\drivers\SafeBoot.sys
12:29:51.0369 1160 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: b48c00f75e7afcd122abb2ad87dfd270
12:29:51.0369 1160 SafeBoot ( LockedFile.Multi.Generic ) - warning
12:29:51.0369 1160 SafeBoot - detected LockedFile.Multi.Generic (1)
12:29:51.0400 1160 SbAlg (5f1a459d5dd0feafb430328123be2836) C:\Windows\system32\drivers\SbAlg.sys
12:29:51.0400 1160 SbAlg - ok
12:29:51.0431 1160 SbFsLock (10cc92eab610dfe1e5bd68a38c76256b) C:\Windows\system32\drivers\SbFsLock.sys
12:29:51.0431 1160 SbFsLock - ok
12:29:51.0478 1160 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:29:51.0478 1160 sbp2port - ok
12:29:51.0603 1160 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\Windows\system32\DRIVERS\emScan.sys
12:29:51.0619 1160 ScanUSBEMPIA - ok
12:29:51.0697 1160 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:29:51.0697 1160 secdrv - ok
12:29:51.0806 1160 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
12:29:51.0806 1160 Serenum - ok
12:29:51.0868 1160 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
12:29:51.0868 1160 Serial - ok
12:29:51.0962 1160 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:29:51.0962 1160 sermouse - ok
12:29:52.0024 1160 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:29:52.0024 1160 sffdisk - ok
12:29:52.0055 1160 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:29:52.0055 1160 sffp_mmc - ok
12:29:52.0071 1160 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:29:52.0087 1160 sffp_sd - ok
12:29:52.0180 1160 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:29:52.0180 1160 sfloppy - ok
12:29:52.0227 1160 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:29:52.0227 1160 sisagp - ok
12:29:52.0258 1160 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:29:52.0258 1160 SiSRaid2 - ok
12:29:52.0383 1160 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:29:52.0383 1160 SiSRaid4 - ok
12:29:52.0477 1160 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:29:52.0477 1160 Smb - ok
12:29:52.0601 1160 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:29:52.0601 1160 spldr - ok
12:29:52.0679 1160 SRTSP (2c5fbf6a00a4a3dcf643e46e8acb20c2) C:\Windows\system32\drivers\NIS\1301010.003\SRTSP.SYS
12:29:52.0695 1160 SRTSP - ok
12:29:52.0820 1160 SRTSPX (9034ea58552b55f370e5293a7175c5ac) C:\Windows\system32\drivers\NIS\1301010.003\SRTSPX.SYS
12:29:52.0820 1160 SRTSPX - ok
12:29:52.0882 1160 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:29:52.0898 1160 srv - ok
12:29:53.0007 1160 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:29:53.0007 1160 srv2 - ok
12:29:53.0038 1160 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:29:53.0054 1160 srvnet - ok
12:29:53.0116 1160 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
12:29:53.0132 1160 StillCam - ok
12:29:53.0303 1160 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:29:53.0303 1160 swenum - ok
12:29:53.0350 1160 swmsflt (eda7336cd2e334b4db321bc60b7da11e) C:\Windows\System32\drivers\swmsflt.sys
12:29:53.0366 1160 swmsflt - ok
12:29:53.0413 1160 SWMX00 (2bcdcf7e2a3a707e74ad4cdcb420225a) C:\Windows\system32\DRIVERS\swmx00.sys
12:29:53.0428 1160 SWMX00 - ok
12:29:53.0522 1160 SWNC5E00 (47edcd5fdd249e5273cb90e56be97a5d) C:\Windows\system32\DRIVERS\SWNC5E00.sys
12:29:53.0522 1160 SWNC5E00 - ok
12:29:53.0569 1160 SWUMX20 - ok
12:29:53.0693 1160 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:29:53.0693 1160 Symc8xx - ok
12:29:53.0787 1160 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1301010.003\SYMDS.SYS
12:29:53.0787 1160 SymDS - ok
12:29:53.0943 1160 SymEFA (a0c7005387bb6f055bb50bd8e779368b) C:\Windows\system32\drivers\NIS\1301010.003\SYMEFA.SYS
12:29:53.0959 1160 SymEFA - ok
12:29:54.0083 1160 SymEvent (98d28d08e68145fb550ee7670b43baf2) C:\Windows\system32\Drivers\SYMEVENT.SYS
12:29:54.0083 1160 SymEvent - ok
12:29:54.0161 1160 SymIRON (39c35ddbb570e9f334f239248e4de34d) C:\Windows\system32\drivers\NIS\1301010.003\Ironx86.SYS
12:29:54.0161 1160 SymIRON - ok
12:29:54.0286 1160 SYMTDIv (671753e39b8f12cf9b6bcefcb19f89b0) C:\Windows\system32\drivers\NIS\1301010.003\SYMTDIV.SYS
12:29:54.0286 1160 SYMTDIv - ok
12:29:54.0333 1160 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:29:54.0333 1160 Sym_hi - ok
12:29:54.0427 1160 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:29:54.0427 1160 Sym_u3 - ok
12:29:54.0536 1160 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys
12:29:54.0583 1160 SynTP - ok
12:29:54.0754 1160 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
12:29:54.0770 1160 Tcpip - ok
12:29:54.0910 1160 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
12:29:54.0926 1160 Tcpip6 - ok
12:29:55.0051 1160 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
12:29:55.0051 1160 tcpipreg - ok
12:29:55.0097 1160 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:29:55.0097 1160 TDPIPE - ok
12:29:55.0191 1160 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:29:55.0191 1160 TDTCP - ok
12:29:55.0238 1160 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:29:55.0238 1160 tdx - ok
12:29:55.0363 1160 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:29:55.0378 1160 TermDD - ok
12:29:55.0487 1160 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
12:29:55.0487 1160 TPM - ok
12:29:55.0628 1160 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:29:55.0628 1160 tssecsrv - ok
12:29:55.0659 1160 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:29:55.0659 1160 tunmp - ok
12:29:55.0706 1160 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:29:55.0706 1160 tunnel - ok
12:29:55.0815 1160 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
12:29:55.0815 1160 uagp35 - ok
12:29:55.0877 1160 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:29:55.0877 1160 udfs - ok
12:29:55.0987 1160 UIUSys - ok
12:29:56.0033 1160 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
12:29:56.0033 1160 uliagpkx - ok
12:29:56.0065 1160 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
12:29:56.0080 1160 uliahci - ok
12:29:56.0111 1160 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:29:56.0111 1160 UlSata - ok
12:29:56.0221 1160 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:29:56.0236 1160 ulsata2 - ok
12:29:56.0267 1160 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:29:56.0267 1160 umbus - ok
12:29:56.0423 1160 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\Windows\system32\Drivers\usbaapl.sys
12:29:56.0423 1160 USBAAPL - ok
12:29:56.0533 1160 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:29:56.0533 1160 usbccgp - ok
12:29:56.0642 1160 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:29:56.0642 1160 usbcir - ok
12:29:56.0689 1160 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:29:56.0689 1160 usbehci - ok
12:29:56.0813 1160 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:29:56.0813 1160 usbhub - ok
12:29:56.0860 1160 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
12:29:56.0860 1160 usbohci - ok
12:29:56.0969 1160 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:29:56.0969 1160 usbprint - ok
12:29:57.0001 1160 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:29:57.0001 1160 usbscan - ok
12:29:57.0063 1160 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:29:57.0063 1160 USBSTOR - ok
12:29:57.0157 1160 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:29:57.0157 1160 usbuhci - ok
12:29:57.0203 1160 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:29:57.0203 1160 vga - ok
12:29:57.0235 1160 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:29:57.0235 1160 VgaSave - ok
12:29:57.0359 1160 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
12:29:57.0359 1160 viaagp - ok
12:29:57.0391 1160 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
12:29:57.0391 1160 ViaC7 - ok
12:29:57.0469 1160 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
12:29:57.0469 1160 viaide - ok
12:29:57.0578 1160 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:29:57.0578 1160 volmgr - ok
12:29:57.0625 1160 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:29:57.0640 1160 volmgrx - ok
12:29:57.0749 1160 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:29:57.0765 1160 volsnap - ok
12:29:57.0827 1160 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
12:29:57.0827 1160 vsmraid - ok
12:29:57.0921 1160 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:29:57.0937 1160 WacomPen - ok
12:29:57.0952 1160 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:57.0968 1160 Wanarp - ok
12:29:57.0999 1160 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:57.0999 1160 Wanarpv6 - ok
12:29:58.0046 1160 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:29:58.0046 1160 Wd - ok
12:29:58.0124 1160 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:29:58.0124 1160 Wdf01000 - ok
12:29:58.0327 1160 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:29:58.0327 1160 WmiAcpi - ok
12:29:58.0483 1160 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:29:58.0483 1160 WpdUsb - ok
12:29:58.0561 1160 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:29:58.0561 1160 ws2ifsl - ok
12:29:58.0623 1160 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:29:58.0623 1160 WUDFRd - ok
12:29:58.0763 1160 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:29:58.0795 1160 \Device\Harddisk0\DR0 - ok
12:29:58.0795 1160 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
12:29:59.0185 1160 \Device\Harddisk1\DR2 - ok
12:29:59.0200 1160 Boot (0x1200) (d8b2061f9fbd1c97fd8c68831a0eacd7) \Device\Harddisk0\DR0\Partition0
12:29:59.0200 1160 \Device\Harddisk0\DR0\Partition0 - ok
12:29:59.0231 1160 Boot (0x1200) (11921d18c084f3673bba3ac78d5c389d) \Device\Harddisk0\DR0\Partition1
12:29:59.0231 1160 \Device\Harddisk0\DR0\Partition1 - ok
12:29:59.0247 1160 Boot (0x1200) (81ad8038f7c76cfd9091d3cc517730ff) \Device\Harddisk1\DR2\Partition0
12:29:59.0247 1160 \Device\Harddisk1\DR2\Partition0 - ok
12:29:59.0247 1160 ============================================================
12:29:59.0247 1160 Scan finished
12:29:59.0247 1160 ============================================================
12:29:59.0278 4696 Detected object count: 1
12:29:59.0278 4696 Actual detected object count: 1
12:31:26.0591 4696 C:\Windows\system32\drivers\SafeBoot.sys - copied to quarantine
12:31:26.0591 4696 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Quarantine
12:31:34.0594 5284 Deinitialize success
  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please delete the current copy of ComboFix from your desktop, and download a new copy from the link below.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

  • 0

#7
Dave Swanson

Dave Swanson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ComboFix 11-11-22.02 - Maureen 11/22/2011 17:38:52.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1976.1065 [GMT -7:00]
Running from: c:\users\Maureen\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 00:49 . 2011-11-23 00:49 -------- d-----w- c:\users\Mom & Dad\AppData\Local\temp
2011-11-23 00:49 . 2011-11-23 00:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-23 00:49 . 2011-11-23 00:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-23 00:49 . 2011-11-23 00:49 -------- d-----w- c:\users\Cheryl\AppData\Local\temp
2011-11-16 19:31 . 2011-11-16 19:31 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-16 03:01 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-10 21:49 . 2011-11-16 03:02 -------- d-----w- c:\users\Maureen
2011-11-10 17:33 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 17:33 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-04 23:52 . 2011-11-08 18:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-04 23:52 . 2011-11-07 22:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-02 00:21 . 2011-11-02 00:21 -------- d-----w- c:\users\Cheryl\AppData\Local\Mozilla
2011-11-01 00:35 . 2011-11-17 23:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-10-28 20:11 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75F0A922-3DD7-41E0-8DF6-00EB2329C8D6}\mpengine.dll
2011-10-25 22:25 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-25 22:25 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-25 21:40 . 2011-10-25 21:40 -------- d-----w- c:\users\Default\AppData\Roaming\hpqLog
2011-10-25 21:39 . 2011-10-25 21:40 -------- d-----w- c:\windows\QLB
2011-10-25 21:22 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-25 21:22 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-25 21:22 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-25 21:22 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-25 21:21 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-24 20:44 . 2011-10-24 20:44 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 13:30 . 2011-10-18 21:33 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-18 23:30 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-18 23:30 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-18 23:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 23:00 . 2010-09-12 22:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-15 00:41 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-15 00:41 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-15 00:41 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-15 00:41 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-29 06:53 . 2011-11-02 00:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-04-21 17:48 69632 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-05-15 22:08 293168 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 13:29 67752 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2011-02-26 04:57 4772720 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2008-06-02 17:06 24848 ----a-w- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-04 17:26 170520 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 19:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 20:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-18 13:53 178712 ----a-r- c:\program files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-04 17:27 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetCntrl]
2008-03-25 22:31 730416 ----a-w- c:\windows\System32\InetCntrl\InetCntrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 02:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 23:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 21:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2008-04-14 12:39 318488 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-04 17:26 141848 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-06-10 17:21 238896 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-03-19 19:52 3842048 ----a-w- c:\program files\Analog Devices\SoundMAX\SoundMAX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-04-04 15:10 1314816 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-10 17:55 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-14 03:36 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-06-04 08:17 1791272 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRUUpdater]
2009-03-09 20:07 554264 ----a-w- c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 19:31 81920 ----a-w- c:\windows\System32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 18:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-23 23:23 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatcherHelper]
2009-04-20 15:48 53248 ----a-w- c:\program files\Sierra Wireless Inc\Watcher\WaHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3538991759-4008017233-308032027-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2008-04-09 32256]
R3 PAC207;PC [email protected];c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-15 1176824]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2008-04-21 349432]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-10 18944]
R4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-06-05 256512]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 26168]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-04-14 576536]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 bsprotlh;D-Link SecureSpot thin client;c:\windows\system32\DRIVERS\bsprotlh.sys [2007-09-19 61680]
S1 RsvLock;RsvLock; [x]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 bsinit_svc;bsinit_svc;c:\windows\System32\Drivers\BSINIT.sys [2007-02-26 7400]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-05-15 475520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-11-30 181760]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BSafeFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 23:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.111.1 192.168.111.1 192.168.111.1
FF - ProfilePath - c:\users\Maureen\AppData\Roaming\Mozilla\Firefox\Profiles\eqifd22q.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-22 17:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'lsass.exe'(764)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'Explorer.exe'(2600)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
.
Completion time: 2011-11-22 17:56:03
ComboFix-quarantined-files.txt 2011-11-23 00:56
ComboFix2.txt 2011-11-03 16:55
.
Pre-Run: 21,084,176,384 bytes free
Post-Run: 20,933,644,288 bytes free
.
- - End Of File - - 6F8C5E7766A9296304F6C9E0C5B7F072
  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#9
Dave Swanson

Dave Swanson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok, Malwarebytes found no problems, ESET would not download or run, and here is the log from securitycheck

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 11
Java™ 6 Update 6
HP JavaCard for HP ProtectTools
Out of date Java installed!
Adobe Flash Player ( 10.0.12.36) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Maureen Desktop esetsmartinstaller_enu.exe
``````````End of Log````````````
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Can you try using a different internet browser to download and attempt to run ESET?
  • 0

Advertisements


#11
Dave Swanson

Dave Swanson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Forgot that things worked in safe mode, will try there with ESET. Internet Explorer wouldn't run it, or I got a blank screen, then through Firefox I could manually download the installation file, but it couldn't download updates, so would not run. Again, I'll see what happens in safe mode. Thanks.
  • 0

#12
Dave Swanson

Dave Swanson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\BHO.dll.vir a variant of Win32/BHO.OCS trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\ie3sh.exe.vir probably a variant of Win32/BHO.OCS trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\MTWB3SH.dll.vir a variant of Win32/BHO.OCS trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\FBStoolbar.exe.vir a variant of Win32/BHO.OCS trojan deleted - quarantined

C:\Users\Cheryl\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application


Still no search engines, or virus sites
  • 0

#13
Dave Swanson

Dave Swanson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I think at least part of the problem has to do with the D-Link Securespot Thin Client which is installed on this computer. I would uninstall it but I do not know the password, does anyone know how to manually remove it?
  • 0

#14
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts

I think at least part of the problem has to do with the D-Link Securespot Thin Client which is installed on this computer. I would uninstall it but I do not know the password, does anyone know how to manually remove it?

Would you be able to contact the person who set the password on it, and see if you can find it out that way?
  • 0

#15
Dave Swanson

Dave Swanson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
No, unfortunately we can't remember the password.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP