oneoleguy

Honorary Members
Everything posted by oneoleguy

  1. Using Google Search for the term "Windows 7 User Account Disabled" I found enough instructions to find and change 'User Credentials'. I can now access the Sony from the Compaq. Thanks for your assistance.
  2. Update: I ran the Homegroup Troubleshooter on the Sony and told it that some PCs couldn't access its files, and then went to the Compaq, which couldn't access its files. Strange, now all the computers on the network are visible and accessible from the Compaq EXCEPT the Sony. Go figure that a change on the Sony produced unexpected changes on the Compaq. Bill
  3. Yes, both have passwords and sharing is still set. I had a rough afternoon yesterday; the network seems unstable. For some reason the PCs are accessible one minute and a few minutes later they aren't. This morning: The Sony can see and access all computers on the network. The Compaq can only see the Sony, but cannot access it. The Win2000 can see all other computers but cannot access either the Sony or the Compaq. I have another Win2000 active and didn't know it was on the network until yesterday. It can access all the other PCs on the network and it hasn't had the fixes I had found applied to it. The PCs changed their states several times yesterday and now I'm real confused. Any suggestions? Bill
  4. I went through that document and:
     • Made sure all PCs were in the same WORKGROUP
     • Made sure all PCs were in the same homegroup
     • Changed each PC's Name
     • Checked the Network and Sharing Center to ensure that all PCs were on the HOME network
     • Rebooted both PCs many times
     • Ran the HomeGroup Troubleshooter many times
     AND then finally on the Sony (the one I had the infected files on) SAW the other PCs. When I answered that YES it had fixed the problem, it told me that there was something invalid in the NAME or something like that. I was so excited to see the Networking working again, I didn't write down what it said. There was another issue that I didn't bring up initially. I didn't want to confuse the issue. I had gotten instructions on a fix to connect the Win7 PCs to my Win2000 PC. It had worked for about 3 hours and then I couldn't connect to it again. I made sure the settings (i.e. WORKGROUP, etc.) were the same as the 2 Win7 PCs. I'm still having trouble trying to get the Win2000 PC to connect with the others. It sees them but complained that the account was cancelled or something. I'll continue working with it. Anyway, that was a great document and helped me return to a working network. Thank you, Bill PS After the infection removals and the return of my networking, it's like having new PCs. Wow!
  5. This is the last line of Maurice's last email on the infections I had: "We are finished here. Best regards & Cheers !"
  6. Hello, I've been working with Maurice http://forums.malwar...howtopic=102751 on a security issue. During that work, I asked about my Home Network issues and he suggested that I post my issues here. I have 2 Win7 64-bit PCs in my network and they have trouble communicating with each other. The Compaq sees the Sony in the network explorer. When attempting to connect to the Sony I am being prompted for a password... When it was working correctly several months ago, this prompting didn't happen. The Sony does not list the Compaq at all in the network explorer window. Could you assist me in correcting this set of problems? Bill
  7. You've been very helpful Maurice. Thank you. Could you refer me to the networking people to see if they can help me with my network issue? Thanks again, Bill
  8. Maurice, Explained that way, I see the reason for updating Firefox. This was my original message....All these issues have been corrected.
  9. You won't believe this. I performed the 3 updates and then ran SecurityCheck again and got these results:

     Results of screen317's Security Check version 0.99.30
     Windows 7 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Adobe Flash Player 10.3.183.15 Flash Player out of Date!
     Adobe Reader X (10.1.2)
     Mozilla Firefox (3.6.27) Firefox out of Date!
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Windows Defender MSMpEng.exe
     Malwarebytes' Anti-Malware mbamservice.exe
     Microsoft Security Essentials msseces.exe
     Microsoft Security Client Antimalware MsMpEng.exe
     Microsoft Security Client Antimalware NisSrv.exe
     Bill Halliday Desktop Malware identify and fix SecurityCheck.exe
     ``````````End of Log````````````

     What that flash player message may be about is the FlashPlayer 11 for 64-bit. 3.6.27 is the latest version of 3.6 of firefox. I don't really want to go higher, for now.
  10. Yes indeed, I did use the uninstall from the control panel, before the run of RSIT yesterday. Those entries will be removed once I run a scan program that deletes unused entries in the registry, I hope! MBAM found no infections. The Windows Update went well with all updates Successful. Then the PC re-booted. The link you provided for McAfee was not a FREE download. I went to the Control Panel and uninstalled it. The uninstall wasn't a complete process as I'm unable to delete the files in the McAfee subdirectory of Program Files(x86).

      Checkup Log
      ================================================================================================
      Results of screen317's Security Check version 0.99.30
      Windows 7 x64 (UAC is enabled)
      Internet Explorer 9
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Firewall Enabled!
      ESET Online Scanner v3
      WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      Java™ 6 Update 30
      Adobe Flash Player 10.3.183.11 Flash Player out of Date!
      Adobe Reader 9 Adobe Reader out of date!
      Mozilla Firefox (3.6.9) Firefox out of Date!
      ````````````````````````````````
      Process Check: objlist.exe by Laurent
      Windows Defender MSMpEng.exe
      Malwarebytes' Anti-Malware mbamservice.exe
      Microsoft Security Essentials msseces.exe
      Microsoft Security Client Antimalware MsMpEng.exe
      Microsoft Security Client Antimalware NisSrv.exe
      Bill Halliday Desktop Malware identify and fix SecurityCheck.exe
      ``````````End of Log````````````
  11. One last little tidbit. I checked the connection from this PC to my other PC and vice versa. This PC could not see the other one at all. The other PC was no longer prompting for a network password but connected to this PC instantly. So, I still seem to have some problems!
  12. I was so excited, but then I realized you'd like to see a screen print of it.
  13. PS. I re-booted after deleting the Advanced System Care 4 and running the RSIT program. Both the Firewall and the Action Center are active!
  14. info.txt
      info.txt logfile of random's system information tool 1.09 2012-02-18 12:41:40
Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100311223143.097281-000 Event Type: Audit Success User: Computer Name: 37L4247E29-32 Event Code: 4608 Message: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100311223142.988081-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  15. I deleted Advanced System Care 4. Log.txt>>>>>>>>>>>>>>>>>> With info.txt the post was too long. I am adding it separately. ====================================================================================================== Logfile of random's system information tool 1.09 (written by random/random) Run by Bill Halliday at 2012-02-18 12:41:30 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 144 GB (63%) free of 228 GB Total RAM: 8031 MB (79% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:41:39 PM, on 2/18/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\TypeItIn\TypeItIn.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Program Files\trend micro\Bill Halliday.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll O2 - BHO: HelperObject Class - 
{00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll O3 - Toolbar: 
Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: TypeItIn.lnk = C:\Program Files (x86)\TypeItIn\TypeItIn.exe O4 - Startup: Windows Task Manager.lnk = C:\Windows\System32\taskmgr.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: McAfee Security Scan Plus.lnk = ? 
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: 
Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: lxdj_device - Unknown owner - C:\Windows\system32\lxdjcoms.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: Intel® Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: 
TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Voicent Gateway (VoicentGateway) - Voicent Communications, Inc - C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11947 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 
ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k netsvcs C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\lxdjcoms.exe -service "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe" "C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe" -Dtype=service "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe" -Dtype=server "taskhost.exe" C:\Windows\system32\SearchIndexer.exe /Embedding -Dvx.home="C:\Program Files (x86)\Voicent\Gateway" -Dspport=8355 -Dvoice="Microsoft Anna - English (United States)" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE WLIDSvcM.exe 1872 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe" -Dvx.home="C:\Program Files (x86)\Voicent\Gateway" -Doutports="8455" -Dvxport=8255 -Dspport=8355 -Dappport=8155 -Dline=0 -Dphone=dummy C:\Windows\system32\svchost.exe -k bthsvcs 
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E} -cp lib/HTTPClient.jar;lib/xalan.jar;lib/xercesImpl.jar;lib/xml-apis.jar;lib/mail.jar;lib/vx.jar -Xrs vx.server.VxInterpServer -Dvx.home="C:\Program Files (x86)\Voicent\Gateway" -Dappport=8155 -Dvxport=8255 -Dcachedir="C:\Program Files (x86)\Voicent\Gateway/work/vxcache" -DRV=Male "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" "C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe" "C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr "C:\Program Files (x86)\TypeItIn\TypeItIn.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot "C:\Program Files\Windows Media Player\wmpnetwk.exe" "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe" -Djava.security.policy="C:\Program Files (x86)\Voicent\Gateway\conf\catalina.policy" -cp "C:\Program Files (x86)\Voicent\Gateway\lib\ant-launcher.jar;C:\Program Files (x86)\Voicent\Gateway\lib\ant.jar;C:\Program Files (x86)\Voicent\Gateway\lib\bootstrap.jar;C:\Program Files (x86)\Voicent\Gateway\lib\catalina-ant.jar;C:\Program Files (x86)\Voicent\Gateway\lib\catalina.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-beanutils.jar;C:\Program Files 
(x86)\Voicent\Gateway\lib\commons-collections-3.2.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-digester-1.8.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-fileupload-1.2.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-io-1.3.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-logging-1.1.1.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-logging-api-1.1.1.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-modeler-2.0.1.jar;C:\Program Files (x86)\Voicent\Gateway\lib\HTTPClient.jar;C:\Program Files (x86)\Voicent\Gateway\lib\jakarta-regexp-1.5.jar;C:\Program Files (x86)\Voicent\Gateway\lib\jasper-compiler.jar;C:\Program Files (x86)\Voicent\Gateway\lib\jasper-runtime.jar;C:\Program Files (x86)\Voicent\Gateway\lib\log4j-1.2.15.jar;C:\Program Files (x86)\Voicent\Gateway\lib\mail.jar;C:\Program Files (x86)\Voicent\Gateway\lib\mx4j.jar;C:\Program Files (x86)\Voicent\Gateway\lib\naming-common.jar;C:\Program Files (x86)\Voicent\Gateway\lib\naming-factory.jar;C:\Program Files (x86)\Voicent\Gateway\lib\naming-resources.jar;C:\Program Files (x86)\Voicent\Gateway\lib\serializer.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlet.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-common.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-default.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-invoker.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-manager.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-webdav.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat-coyote.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat-http11.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat-jk.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat-jk2.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat-util.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat4-coyote.jar;C:\Program Files (x86)\Voicent\Gateway\lib\vx.jar;C:\Program Files (x86)\Voicent\Gateway\lib\xalan.jar;C:\Program Files 
(x86)\Voicent\Gateway\lib\xercesImpl.jar;C:\Program Files (x86)\Voicent\Gateway\lib\xml-apis.jar;C:\Program Files (x86)\Voicent\Gateway/outcall\lib\vx-outcall.jar;" -Xrs vx.server.VxApp -Dvx.home="C:\Program Files (x86)\Voicent\Gateway" -Dappport=8155 -Dpdport=8165 -Doutport="10,2,0,0,0,0,-1,USD,8455" -Dpassword=1234 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" C:\Program Files\Sony\VAIO Care/listener.exe /silent /slot=0 "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 "C:\Users\Bill Halliday\Desktop\Malware identify and fix\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore1cce37848295051.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3016247236-2053164898-2875212204-1001Core1cce37991f79d5.job C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3016247236-2053164898-2875212204-1001.job C:\Windows\tasks\Scheduled Update for Ask Toolbar.job C:\Windows\tasks\User_Feed_Synchronization-{2F89628F-55E1-4645-B601-EB8FD64B2EC8}.job C:\Windows\tasks\{1A582068-DB11-4D49-8801-1D81FAB645CA}.job C:\Windows\tasks\{5BB7C174-8A26-436F-98C5-BD72B39D7783}.job C:\Windows\tasks\{627B3416-F8F9-4CA0-8E2D-8C3065E79784}.job C:\Windows\tasks\{855A4FC4-43D0-4A2A-B869-B2C4968C65DA}.job C:\Windows\tasks\{9F928FF6-F7B3-4AE6-8C20-E7E1E649C7E9}.job C:\Windows\tasks\{FC2498CB-9732-464B-9ABF-9D829D33D832}.job =========Mozilla firefox========= ProfilePath - C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default prefs.js - "browser.search.useDBForOrder" - true prefs.js - "extensions.enabledItems" - "{ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1, 
{ba14329e-9550-4989-b3f2-9732e92d17cc}:3.7.0.6, {9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC}:2.01, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.12, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442, {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20110512W, crossriderapp2258@crossrider.com:0.78.15, {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, toolbar@shopathome.com:5.2.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9" prefs.js - "keyword.URL" - "http://www.google.com/search?sourceid=navclient&hl=en&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@cnw.com/cnwplugin] "Description"=CNW Plugin 1.0 "Path"=C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] "Description"=Picasa3 plugin "Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13] "Description"=RealPlayer LiveConnect-Enabled Plug-In "Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13] "Description"=RealJukebox Netscape Plugin "Path"=c:\program files 
(x86)\real\realplayer\Netscape6\nprjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13] "Description"=RealNetworks RealPlayer Chrome Background Extension Plug-In "Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13] "Description"=RealPlayer HTML5VideoShim Plug-In "Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13] "Description"=15.0.1.13 "Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled C:\Program Files (x86)\Mozilla Firefox\extensions\ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} {972ce4c6-7e08-4474-a285-3208198ce6fd} {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} C:\Program Files (x86)\Mozilla Firefox\components\ browser.xpt browserdirprovider.dll brwsrcmp.dll components.list FeedConverter.js FeedProcessor.js FeedWriter.js fuelApplication.js GPSDGeolocationProvider.js 
jsconsole-clhandler.js NetworkGeolocationProvider.js nppl3260.xpt nsAddonRepository.js nsBadCertHandler.js nsBlocklistService.js nsBrowserContentHandler.js nsBrowserGlue.js nsContentDispatchChooser.js nsContentPrefService.js nsDefaultCLH.js nsDownloadManagerUI.js nsExtensionManager.js nsFormAutoComplete.js nsHandlerService.js nsHelperAppDlg.js nsINIProcessor.js nsIQTScriptablePlugin.xpt nsjsrealplayerplugin.xpt nsLivemarkService.js nsLoginInfo.js nsLoginManager.js nsLoginManagerPrompter.js nsMicrosummaryService.js nsPlacesAutoComplete.js nsPlacesDBFlush.js nsPlacesTransactionsService.js nsPrivateBrowsingService.js nsProxyAutoConfig.js nsSafebrowsingApplication.js nsSearchService.js nsSearchSuggestions.js nsSessionStartup.js nsSessionStore.js nsSetDefaultBrowser.js nsSidebar.js nsTaggingService.js nsTryToClose.js nsUpdateService.js nsUpdateServiceStub.js nsUpdateTimerManager.js nsUrlClassifierLib.js nsUrlClassifierListManager.js nsURLFormatter.js nsWebHandlerApp.js pluginGlue.js storage-Legacy.js storage-mozStorage.js txEXSLTRegExFunctions.js WebContentConverter.js C:\Program Files (x86)\Mozilla Firefox\plugins\ np-mswmp.dll npdeployJava1.dll nul32.dll NPOFF12.DLL nppdf32.dll nppl3260.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll nprjplug.dll nprpjplug.dll QuickTimePlugin.class WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Program Files (x86)\Mozilla Firefox\searchplugins\ amazondotcom.xml answers.xml avg-secure-search.xml creativecommons.xml eBay.xml google.xml wikipedia.xml yahoo.xml C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\ crossriderapp2258@crossrider.com toolbar@shopathome.com {1018e4d6-728f-4b20-ad56-37578a4de76b} {3112ca9c-de6d-4884-a869-9855de68056c} {9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC} {ba14329e-9550-4989-b3f2-9732e92d17cc} C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\searchplugins\ 
conduit.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}] HelperObject Class - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll [2006-03-14 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}] I Want This - C:\Program Files (x86)\I Want This\I Want This.dll [2012-01-25 475480] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-01-09 425680] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - 
C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-09 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-01-17 175912] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Avery Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-09 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll [2006-03-14 131072] {D4027C7F-154A-4066-A1AD-4243D8127440} - Avery Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448] {ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files 
(x86)\Vuze_Remote\prxtbVuze.dll [2011-01-17 175912] {30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-09-03 7938080] "Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-09-03 1833504] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584] "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-01-09 296056] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Users\Bill Halliday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE TypeItIn.lnk - C:\Program Files (x86)\TypeItIn\TypeItIn.exe Windows Task Manager.lnk - C:\Windows\System32\taskmgr.exe 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-02-11 272896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-06-30 249344] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll 
"VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux2"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 month====== 2012-02-18 12:41:31 ----D---- C:\Program Files\trend micro 2012-02-18 12:41:30 ----D---- C:\rsit 2012-02-18 10:16:53 ----SHD---- C:\$RECYCLE.BIN 2012-02-18 09:45:30 ----D---- C:\32534dd79a0e108d442cfb 2012-02-18 09:34:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2012-02-18 09:34:27 ----A---- C:\Windows\system32\mshtmled.dll 2012-02-18 09:34:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2012-02-18 09:34:26 ----A---- C:\Windows\system32\jscript9.dll 2012-02-18 09:34:26 ----A---- C:\Windows\system32\iertutil.dll 2012-02-18 09:34:25 ----A---- C:\Windows\SYSWOW64\url.dll 2012-02-18 09:34:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2012-02-18 09:34:25 ----A---- C:\Windows\SYSWOW64\jscript.dll 2012-02-18 09:34:25 ----A---- C:\Windows\SYSWOW64\ieui.dll 2012-02-18 09:34:25 ----A---- C:\Windows\system32\url.dll 2012-02-18 09:34:25 ----A---- C:\Windows\system32\jscript.dll 2012-02-18 09:34:25 ----A---- C:\Windows\system32\ieui.dll 2012-02-18 09:34:24 ----A---- C:\Windows\SYSWOW64\wininet.dll 2012-02-18 09:34:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2012-02-18 09:34:24 ----A---- C:\Windows\system32\urlmon.dll 2012-02-18 09:34:24 ----A---- C:\Windows\system32\jsproxy.dll 2012-02-18 09:34:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2012-02-18 09:34:23 ----A---- C:\Windows\system32\wininet.dll 2012-02-18 09:34:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2012-02-18 09:34:20 ----A---- 
C:\Windows\system32\mshtml.dll 2012-02-18 09:34:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2012-02-18 09:34:18 ----A---- C:\Windows\system32\ieframe.dll 2012-02-17 19:41:55 ----A---- C:\ComboFix.txt 2012-02-17 18:44:23 ----A---- C:\Windows\zip.exe 2012-02-17 18:44:23 ----A---- C:\Windows\SWSC.exe 2012-02-17 18:44:23 ----A---- C:\Windows\SWREG.exe 2012-02-17 18:44:23 ----A---- C:\Windows\sed.exe 2012-02-17 18:44:23 ----A---- C:\Windows\PEV.exe 2012-02-17 18:44:23 ----A---- C:\Windows\NIRCMD.exe 2012-02-17 18:44:23 ----A---- C:\Windows\MBR.exe 2012-02-17 18:44:23 ----A---- C:\Windows\grep.exe 2012-02-17 18:44:17 ----D---- C:\ComboFix 2012-02-15 17:22:00 ----D---- C:\Program Files (x86)\Microsoft Security Client 2012-02-15 17:21:53 ----D---- C:\Program Files\Microsoft Security Client 2012-02-15 12:37:54 ----A---- C:\Windows\system32\shell32.dll 2012-02-15 12:37:52 ----A---- C:\Windows\SYSWOW64\shell32.dll 2012-02-15 12:37:52 ----A---- C:\Windows\SYSWOW64\ntshrui.dll 2012-02-15 12:37:52 ----A---- C:\Windows\system32\ntshrui.dll 2012-02-15 12:37:51 ----A---- C:\Windows\system32\drivers\afd.sys 2012-02-15 12:37:49 ----A---- C:\Windows\system32\win32k.sys 2012-02-15 12:37:48 ----A---- C:\Windows\SYSWOW64\msvcrt.dll 2012-02-15 12:37:48 ----A---- C:\Windows\system32\msvcrt.dll 2012-02-13 11:51:48 ----A---- C:\Windows\stinger.sys 2012-02-13 11:49:12 ----D---- C:\Program Files (x86)\stinger 2012-02-12 12:08:01 ----D---- C:\Program Files (x86)\ESET 2012-02-12 11:44:25 ----D---- C:\_OTL 2012-02-09 18:50:11 ----D---- C:\ProgramData\McAfee Security Scan 2012-02-09 18:01:20 ----A---- C:\Windows\SYSWOW64\javaws.exe 2012-02-09 18:01:20 ----A---- C:\Windows\SYSWOW64\javaw.exe 2012-02-09 18:01:20 ----A---- C:\Windows\SYSWOW64\java.exe 2012-02-09 17:56:06 ----D---- C:\Config.Msi 2012-02-09 17:46:42 ----A---- C:\Windows\SYSWOW64\deployJava1.dll 2012-02-08 16:03:07 ----A---- C:\TDSSKiller.2.7.10.0_08.02.2012_16.03.07_log.txt 2012-02-08 15:32:36 ----A---- C:\Windows\system32\rkill.com 
2012-02-08 12:20:20 ----D---- C:\Program Files (x86)\ERUNT 2012-02-07 12:55:44 ----RA---- C:\Windows\system32\dds.com 2012-02-06 19:47:43 ----D---- C:\Users\Bill Halliday\AppData\Roaming\OfficeSuiteX 2012-02-06 19:46:03 ----D---- C:\Program Files (x86)\Office Suite X 3 2012-02-06 18:49:59 ----D---- C:\Program Files (x86)\I Want This 2012-02-06 13:37:30 ----A---- C:\Windows\system32\MRT.exe 2012-02-04 15:56:50 ----D---- C:\ProgramData\UAB 2012-02-04 15:56:32 ----D---- C:\ProgramData\Driver Manager 2012-02-04 15:55:53 ----D---- C:\Program Files (x86)\Driver Manager 2012-01-31 13:00:03 ----A---- C:\Windows\SYSWOW64\webio.dll 2012-01-31 13:00:03 ----A---- C:\Windows\SYSWOW64\schannel.dll 2012-01-31 13:00:03 ----A---- C:\Windows\system32\webio.dll 2012-01-31 13:00:03 ----A---- C:\Windows\system32\sspicli.dll 2012-01-31 13:00:03 ----A---- C:\Windows\system32\schannel.dll 2012-01-31 13:00:03 ----A---- C:\Windows\system32\lsass.exe 2012-01-31 13:00:03 ----A---- C:\Windows\system32\lsasrv.dll 2012-01-31 13:00:03 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2012-01-31 13:00:03 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2012-01-31 13:00:03 ----A---- C:\Windows\system32\drivers\cng.sys 2012-01-31 13:00:02 ----A---- C:\Windows\SYSWOW64\sspicli.dll 2012-01-31 13:00:02 ----A---- C:\Windows\SYSWOW64\secur32.dll 2012-01-31 13:00:02 ----A---- C:\Windows\system32\sspisrv.dll 2012-01-31 13:00:02 ----A---- C:\Windows\system32\secur32.dll 2012-01-21 13:26:16 ----D---- C:\ProgramData\Uniblue 2012-01-21 13:25:32 ----D---- C:\Program Files (x86)\Uniblue ======List of files/folders modified in the last 1 month====== 2012-02-18 12:41:31 ----RD---- C:\Program Files 2012-02-18 12:36:55 ----D---- C:\Windows\Temp 2012-02-18 12:29:06 ----D---- C:\Program Files (x86)\IObit 2012-02-18 12:22:27 ----D---- C:\Windows\Microsoft.NET 2012-02-18 10:21:57 ----D---- C:\Windows\Prefetch 2012-02-18 10:20:56 ----D---- C:\Windows\winsxs 2012-02-18 10:20:30 ----D---- C:\Windows\system32\config 
2012-02-18 10:20:27 ----SHD---- C:\Windows\Installer 2012-02-18 10:20:07 ----SHD---- C:\System Volume Information 2012-02-18 10:16:19 ----RSD---- C:\Windows\assembly 2012-02-18 09:47:56 ----D---- C:\Windows\SYSWOW64\migration 2012-02-18 09:47:56 ----D---- C:\Windows\SysWOW64 2012-02-18 09:47:56 ----D---- C:\Windows\system32\migration 2012-02-18 09:47:56 ----D---- C:\Windows\system32\drivers 2012-02-18 09:47:56 ----D---- C:\Windows\System32 2012-02-18 09:47:56 ----D---- C:\Program Files\Internet Explorer 2012-02-18 09:47:56 ----D---- C:\Program Files (x86)\Internet Explorer 2012-02-18 09:47:54 ----D---- C:\ProgramData\Microsoft Help 2012-02-18 09:42:30 ----D---- C:\Windows\inf 2012-02-18 09:42:30 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-02-18 09:34:53 ----D---- C:\Windows\system32\catroot2 2012-02-18 09:34:53 ----D---- C:\Windows\system32\catroot 2012-02-17 19:42:08 ----D---- C:\Qoobox 2012-02-17 19:36:55 ----D---- C:\Windows\ERDNT 2012-02-17 19:28:25 ----D---- C:\Windows 2012-02-17 19:28:25 ----A---- C:\Windows\system.ini 2012-02-17 19:28:10 ----D---- C:\Windows\system32\drivers\etc 2012-02-17 18:55:22 ----RD---- C:\Program Files (x86) 2012-02-17 18:49:24 ----D---- C:\Windows\SYSWOW64\drivers 2012-02-17 18:49:24 ----D---- C:\Windows\AppPatch 2012-02-17 18:49:22 ----D---- C:\Program Files\Common Files 2012-02-17 18:49:22 ----D---- C:\Program Files (x86)\Common Files 2012-02-15 17:22:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI 2012-02-15 17:22:00 ----SD---- C:\ProgramData\Microsoft 2012-02-15 15:26:13 ----D---- C:\Users\Bill Halliday\AppData\Roaming\EditPlus 3 2012-02-13 11:25:05 ----D---- C:\ProgramData 2012-02-12 12:08:03 ----D---- C:\Windows\Downloaded Program Files 2012-02-11 13:20:53 ----D---- C:\Users\Bill Halliday\AppData\Roaming\Skype 2012-02-11 12:49:17 ----D---- C:\Program Files (x86)\McAfee Security Scan 2012-02-09 13:42:11 ----D---- C:\Windows\rescache 2012-02-09 11:50:44 ----D---- C:\Windows\pss 2012-02-08 15:20:00 ----D---- 
C:\Users\Bill Halliday\AppData\Roaming\IObit 2012-02-06 19:46:09 ----RSD---- C:\Windows\Fonts 2012-02-04 14:10:27 ----D---- C:\Windows\Tasks 2012-02-01 13:09:00 ----D---- C:\Program Files (x86)\Mozilla Firefox 2012-01-31 06:44:20 ----N---- C:\Windows\system32\MpSigStub.exe 2012-01-27 13:57:05 ----D---- C:\Program Files (x86)\Commission Streamer 2012-01-26 16:33:48 ----D---- C:\Users\Bill Halliday\AppData\Roaming\FileZilla 2012-01-25 17:30:42 ----D---- C:\Windows\system32\NDF 2012-01-21 13:41:27 ----D---- C:\Users\Bill Halliday\AppData\Roaming\Uniblue 2012-01-21 13:08:08 ----D---- C:\Windows\debug ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232] R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560] R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904] R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-13 41984] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784] R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-27 80384] R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2010-04-14 54824] R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-09-01 98344] R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-09-01 132648] R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys 
[2009-09-01 35104] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-09-01 21160] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-09-03 1822112] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720] R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [2009-07-22 85504] R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056] R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392] R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-27 552960] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888] S3 
s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-11 17920] S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-11 27136] S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-11 33792] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 lxdj_device;lxdj_device; C:\Windows\system32\lxdjcoms.exe [2007-06-11 567216] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784] R2 MySQL55;MySQL55; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=C:\ProgramData\MySQL\MySQL Server 5.5\my.ini MySQL55 [] R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984] R2 SampleCollector;Intel® Sample Collector; C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-09-16 167424] R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656] R2 VoicentGateway;Voicent Gateway; C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe [2011-09-05 1327168] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 
2291568] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-12-03 182768] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1255736] S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136] S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 
NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136] -----------------EOF-----------------
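The RSIT "Registry dump" in the post above is where a responder starts: Browser Helper Objects, Run keys, the UAC policy values and the SecurityProviders list are the load points that adware and worse use. Below is an added example (it is not code from RSIT, ComboFix or the poster) that reads such a dump in the flattened one-line form the forum page shows and pulls out the entries worth a second look. The PUP name list and the "user-writable path" rule are the editor's working assumptions for the example, populated from names that appear in these logs; an analyst would keep their own. The UAC check rests on documented Windows 7 defaults: `ConsentPromptBehaviorAdmin=5` is the default, while `PromptOnSecureDesktop=0` (as in the posted dump) turns off the secure-desktop isolation that is on by default. The sample input is constructed from lines copied in the shape of the posted log.

```python
# Triage of an RSIT "Registry dump" in the flattened form a forum page renders it.
# Added example for this page; not part of RSIT, ComboFix or the poster's material.
# PUP_MARKERS and USER_WRITABLE are the editor's assumptions for the example.
import re

# Constructed sample: entries copied in the shape of the posted dump, joined into one string.
SAMPLE = (
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] "
    r"Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [] "
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}] "
    r"I Want This - C:\Program Files (x86)\I Want This\I Want This.dll [2012-01-25 475480] "
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] "
    r"Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912] "
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] "
    r"Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200] "
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] "
    r"RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-01-09 425680] "
    r'[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736] '
    r'[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll '
    r'[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "PromptOnSecureDesktop"=0 '
)

BHO_RE = re.compile(
    r"Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})\]\s+"   # CLSID subkey
    r"(.+?)\s+-\s+"                                           # display name
    r"([A-Za-z]:\\[^\[\"]+?)\s+"                              # registered DLL path
    r"\[(?:(\d{4}-\d{2}-\d{2})\s+(\d+))?\]"                   # [date size], or [] when RSIT found no file
)
RUN_RE = re.compile(r'"([^"]+)"=([A-Za-z]:\\[^\["]+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]')
POLICY_RE = re.compile(r'"(ConsentPromptBehaviorAdmin|PromptOnSecureDesktop|EnableLUA)"=\s*(\d+)')
SECPROV_RE = re.compile(r'"SecurityProviders"=([^\s\[]+)')

# Assumption: toolbar/bundleware names commonly treated as potentially unwanted; several appear in the posted logs.
PUP_MARKERS = ("conduit", "ask.com", "vuze_remote", "i want this",
               "selectrebates", "shopathome", "crossrider", "zugo")
# Assumption: locations a standard user can usually write to, so a DLL there can be swapped without admin rights.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")


def handcrafted_clsid(clsid):
    """True when the first three GUID groups are one repeated hex digit, e.g.
    {11111111-1111-1111-...}: generated CLSIDs are random, so this one was typed."""
    head = "".join(clsid.strip("{}").split("-")[:3]).lower()
    return len(set(head)) == 1


def in_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def parse_bhos(dump):
    """Every BHO registration: CLSID, name, DLL path, and whether RSIT recorded a file stamp."""
    return [dict(clsid=c, name=n, path=p, stamped=bool(d))
            for c, n, p, d, _size in BHO_RE.findall(dump)]


def parse_run(dump):
    """Run-key values with a resolved file ([date size] present)."""
    return [dict(name=n, path=p) for n, p, _d, _s in RUN_RE.findall(dump)]


def triage(dump):
    """Return (category, subject, detail) findings a responder should review first."""
    findings = []
    for bho in parse_bhos(dump):
        label = (bho["name"] + " " + bho["path"]).lower()
        if any(m in label for m in PUP_MARKERS):
            findings.append(("bho-pup", bho["name"], bho["path"]))
        if handcrafted_clsid(bho["clsid"]):
            findings.append(("bho-handcrafted-clsid", bho["name"], bho["clsid"]))
        if not bho["stamped"]:  # RSIT left [date size] empty: confirm the DLL still exists on disk
            findings.append(("bho-no-file-stamp", bho["name"], bho["path"]))
        if in_user_writable(bho["path"]):
            findings.append(("bho-user-writable-path", bho["name"], bho["path"]))
    for run in parse_run(dump):
        if in_user_writable(run["path"]):
            findings.append(("run-user-writable-path", run["name"], run["path"]))
    for key, val in POLICY_RE.findall(dump):
        if key == "PromptOnSecureDesktop" and val == "0":      # default is 1
            findings.append(("uac-no-secure-desktop", key, val))
        elif key == "ConsentPromptBehaviorAdmin" and val == "0":  # 0 = elevate silently; 5 is the default
            findings.append(("uac-silent-elevation", key, val))
        elif key == "EnableLUA" and val == "0":
            findings.append(("uac-disabled", key, val))
    for provs in SECPROV_RE.findall(dump):
        extra = [p for p in provs.split(",") if p.lower() != "credssp.dll"]  # credssp.dll is the Win7 default
        if extra:
            findings.append(("extra-security-provider", "SecurityProviders", ",".join(extra)))
    return findings


if __name__ == "__main__":
    for category, subject, detail in triage(SAMPLE):
        print(f"{category:24} {subject} -> {detail}")
```

To use it on a real post, paste the whole RSIT log into a file, read it into a string and call `triage()` on it; the regexes do not care whether the text is one line or many. The findings are pointers, not verdicts: a handcrafted CLSID or a DLL under `C:\ProgramData` is a reason to check the file, not proof of infection, and the PUP list should be replaced with whatever the responder's own tooling flags.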
  16. What was the purpose of putting the "-" in Combofix.exe? I ran it without doing so, sorry. Here are the results of ComboFix without the "-": ComboFix 12-02-17.02 - Bill Halliday 02/17/2012 18:46:44.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8031.5946 [GMT -6:00] Running from: c:\users\Bill Halliday\Desktop\Malware identify and fix\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\SelectRebates c:\program files (x86)\SelectRebates\FFToolbar\chrome.manifest c:\program files (x86)\SelectRebates\FFToolbar\chrome\sahtoolbar.jar c:\program files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js c:\program files (x86)\SelectRebates\FFToolbar\install.rdf c:\program files (x86)\SelectRebates\SahImages\alert.png c:\program files (x86)\SelectRebates\SahImages\check.png c:\program files (x86)\SelectRebates\SahImages\close.png c:\program files (x86)\SelectRebates\SelectAlerts.dat c:\program files (x86)\SelectRebates\SelectRebates.exe c:\program files (x86)\SelectRebates\SelectRebates.ini c:\program files (x86)\SelectRebates\SelectRebatesA.dat c:\program files (x86)\SelectRebates\SelectRebatesApi.exe c:\program files (x86)\SelectRebates\SelectRebatesB.dat c:\program files (x86)\SelectRebates\SelectRebatesBT.dat c:\program files (x86)\SelectRebates\SelectRebatesDownload.exe c:\program files (x86)\SelectRebates\SelectRebatesH.dat c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe c:\program files (x86)\SelectRebates\SRebates.dll c:\program files (x86)\SelectRebates\SRFF3.dll c:\program files (x86)\SelectRebates\Toolbar\AddtoList.bmp 
c:\program files (x86)\SelectRebates\Toolbar\basis.xml c:\program files (x86)\SelectRebates\Toolbar\Basis.xml.dym c:\program files (x86)\SelectRebates\Toolbar\Blank.bmp c:\program files (x86)\SelectRebates\Toolbar\CashBack.bmp c:\program files (x86)\SelectRebates\Toolbar\Coupons.bmp c:\program files (x86)\SelectRebates\Toolbar\GroceryCoupon.bmp c:\program files (x86)\SelectRebates\Toolbar\i_magnifying.bmp c:\program files (x86)\SelectRebates\Toolbar\icons.bmp c:\program files (x86)\SelectRebates\Toolbar\ImageCache\alert-red.bmp c:\program files (x86)\SelectRebates\Toolbar\logo.bmp c:\program files (x86)\SelectRebates\Toolbar\logo_24.bmp c:\program files (x86)\SelectRebates\Toolbar\logo_HotSpots.bmp c:\program files (x86)\SelectRebates\Toolbar\ReviewSite.bmp c:\program files (x86)\SelectRebates\Toolbar\RightControls.dym c:\program files (x86)\SelectRebates\Toolbar\sahtb-alert.bmp c:\program files (x86)\SelectRebates\Toolbar\sahtb-go.bmp c:\program files (x86)\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp c:\program files (x86)\SelectRebates\Toolbar\sahtb-icons.bmp c:\program files (x86)\SelectRebates\Toolbar\sahtb-restaurant.bmp c:\program files (x86)\SelectRebates\Toolbar\sahtb-wishlist.bmp c:\program files (x86)\SelectRebates\Toolbar\Scissors.bmp c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe c:\users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\searchplugins\bing-zugo.xml c:\users\Bill Halliday\g2mdlhlpx.exe c:\windows\assembly\tmp\U . . ((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 ))))))))))))))))))))))))))))))) . . 2012-02-18 00:58 . 2012-02-18 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-18 00:27 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-02-18 00:27 . 
2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21EB5E2C-3426-490B-B878-928D92ABF7CC}\mpengine.dll
2012-02-15 23:24 . 2012-02-15 23:24 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6059CBD-C2B8-4361-8985-E4A0459F49DD}\gapaengine.dll
2012-02-15 23:22 . 2012-02-15 23:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-15 23:21 . 2012-02-15 23:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-13 17:51 . 2012-02-13 17:51 16200 ----a-w- c:\windows\stinger.sys
2012-02-13 17:49 . 2012-02-13 18:04 -------- d-----w- c:\program files (x86)\stinger
2012-02-12 18:08 . 2012-02-12 18:08 -------- d-----w- c:\program files (x86)\ESET
2012-02-12 17:44 . 2012-02-12 17:44 -------- d-----w- C:\_OTL
2012-02-10 00:50 . 2012-02-10 00:50 -------- d-----w- c:\programdata\McAfee Security Scan
2012-02-10 00:01 . 2012-02-10 00:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-09 23:46 . 2012-02-10 00:01 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-09 23:46 . 2012-02-10 00:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-08 21:32 . 2012-02-08 21:31 1008141 ----a-w- c:\windows\system32\rkill.com
2012-02-08 18:20 . 2012-02-08 18:20 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-07 18:55 . 2012-02-07 02:04 607260 ----a-r- c:\windows\system32\dds.com
2012-02-07 01:47 . 2012-02-07 01:47 -------- d-----w- c:\users\Bill Halliday\AppData\Roaming\OfficeSuiteX
2012-02-07 01:46 . 2012-02-07 01:46 -------- d-----w- c:\program files (x86)\Office Suite X 3
2012-02-07 00:50 . 2012-02-07 00:50 -------- d-----w- c:\users\Bill Halliday\AppData\Local\I Want This
2012-02-07 00:49 . 2012-02-07 00:50 -------- d-----w- c:\program files (x86)\I Want This
2012-02-04 21:56 . 2012-02-04 21:56 -------- d-----w- c:\programdata\UAB
2012-02-04 21:56 . 2012-02-04 21:56 -------- d-----w- c:\users\Bill Halliday\AppData\Local\PC_Drivers_Headquarters
2012-02-04 21:56 . 2012-02-04 21:56 -------- d-----w- c:\programdata\Driver Manager
2012-02-04 21:55 . 2012-02-04 21:55 -------- d-----w- c:\program files (x86)\Driver Manager
2012-01-21 19:26 . 2012-01-21 19:26 -------- d-----w- c:\programdata\Uniblue
2012-01-21 19:25 . 2012-01-21 19:25 -------- d-----w- c:\program files (x86)\Uniblue
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 00:50 . 2011-07-10 16:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-03-11 20:49 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 17:33 . 2010-03-11 20:50 54008112 ----a-w- c:\windows\system32\Omega.exe
2012-01-12 23:19 . 2012-01-12 23:20 5276432 ----a-w- c:\windows\uninst.exe
2012-01-09 15:07 . 2012-01-09 15:07 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-01-09 15:07 . 2012-01-09 15:07 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-24 04:52 . 2012-01-09 14:55 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-02 15:41 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B14D3A5-2E40-4183-9B90-FC9E16F06664}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}]
2012-01-25 16:17 475480 ----a-w- c:\program files (x86)\I Want This\I Want This.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-01-20 15:34 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-01-09 296056]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
.
c:\users\Bill Halliday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
TypeItIn.lnk - c:\program files (x86)\TypeItIn\TypeItIn.exe [2010-3-12 991744]
Windows Task Manager.lnk - c:\windows\System32\taskmgr.exe [2011-3-10 257024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984]
S2 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 VoicentGateway;Voicent Gateway;c:\program files (x86)\Voicent\Gateway\bin\vgate.exe [2011-09-06 1327168]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce37848295051.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 18:30]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3016247236-2053164898-2875212204-1001Core1cce37991f79d5.job
- c:\users\Bill Halliday\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 21:33]
.
2012-01-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3016247236-2053164898-2875212204-1001.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
2011-08-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files (x86)\Ask.com\UpdateTask.exe [2010-01-20 15:34]
.
2011-06-30 c:\windows\Tasks\User_Feed_Synchronization-{2F89628F-55E1-4645-B601-EB8FD64B2EC8}.job
- c:\windows\system32\msfeedssync.exe [2011-06-30 18:15]
.
2011-02-12 c:\windows\Tasks\{1A582068-DB11-4D49-8801-1D81FAB645CA}.job
- c:\program files (x86)\Internet Explorer\iexplore.exe [2011-06-30 18:15]
.
2012-01-10 c:\windows\Tasks\{5BB7C174-8A26-436F-98C5-BD72B39D7783}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 15:27]
.
2011-07-29 c:\windows\Tasks\{627B3416-F8F9-4CA0-8E2D-8C3065E79784}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 15:27]
.
2011-03-10 c:\windows\Tasks\{855A4FC4-43D0-4A2A-B869-B2C4968C65DA}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 15:27]
.
2011-06-12 c:\windows\Tasks\{9F928FF6-F7B3-4AE6-8C20-E7E1E649C7E9}.job
- c:\program files (x86)\Internet Explorer\iexplore.exe [2011-06-30 18:15]
.
2011-03-11 c:\windows\Tasks\{FC2498CB-9732-464B-9ABF-9D829D33D832}.job
- c:\program files (x86)\Internet Explorer\iexplore.exe [2011-06-30 18:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-03 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-03 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53495
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: LibertyGuard: {9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC} - %profile%\extensions\{9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC}
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: I Want This: crossriderapp2258@crossrider.com - %profile%\extensions\crossriderapp2258@crossrider.com
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SelectRebates - c:\program files (x86)\SelectRebates\SelectRebates.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Belarc Advisor - c:\progra~2\Belarc\Advisor\Uninstall.exe
AddRemove-FileZilla Client - c:\program files (x86)\FileZilla FTP Client\uninstall.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-Adobe Acrobat Connect Add-in - c:\users\Bill Halliday\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,03,12,6e,41,c7,a3,4c,96,df,c6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,03,12,6e,41,c7,a3,4c,96,df,c6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\01\11\15;(?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Voicent\Gateway\bin\spengine.exe
c:\program files (x86)\Voicent\Gateway\bin\vxengine.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Java\jre6\bin\javaw.exe
c:\program files (x86)\Java\jre6\bin\javaw.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
.
**************************************************************************
.
Completion time: 2012-02-17 19:41:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-18 01:41
.
Pre-Run: 153,301,127,168 bytes free
Post-Run: 153,412,329,472 bytes free
.
- - End Of File - - 13F8692A9DB47C435C267C7602A532BD
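The ComboFix report above is a flat listing of persistence points (BHOs, toolbars, Run keys, scheduled tasks), Firefox preferences and UAC policy values, and the reader has to pick the interesting entries out by eye. As an added example (the editor's code, not part of the post and not anything ComboFix produces), the Python below runs a first-pass triage over lines copied from that report. Its rules and the vendor watch list (Conduit, Ask.com, Crossrider, Vuze_Remote, ShopAtHome, SelectRebates) are the editor's assumptions, not ratings ComboFix itself assigns; the Windows 7 defaults it compares the UAC values against (PromptOnSecureDesktop=1, ConsentPromptBehaviorAdmin=5) are Microsoft's documented defaults. The excerpt it parses is constructed from the log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: a subset of lines copied from the ComboFix report above,
# one entry per line, so the script runs offline.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}]
2012-01-25 16:17 475480 ----a-w- c:\program files (x86)\I Want This\I Want This.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-01-20 15:34 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
2011-02-12 c:\windows\Tasks\{1A582068-DB11-4D49-8801-1D81FAB645CA}.job
- c:\program files (x86)\Internet Explorer\iexplore.exe [2011-06-30 18:15]
2011-08-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files (x86)\Ask.com\UpdateTask.exe [2010-01-20 15:34]
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce37848295051.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 18:30]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53495
FF - prefs.js: network.proxy.type - 0
FF - Ext: I Want This: crossriderapp2258@crossrider.com - %profile%\extensions\crossriderapp2258@crossrider.com
"""


@dataclass(frozen=True)
class Finding:
    category: str  # pup-addon | guid-task | uac-policy | firefox-proxy
    detail: str


# Assumed watch list (the editor's, not anything ComboFix reports): path
# fragments of browser add-ons commonly classified as potentially unwanted.
PUP_MARKERS = ("conduit", "ask.com", "crossrider", "i want this",
               "vuze_remote", "shopathome", "selectrebates")

TASK_LINE_RE = re.compile(r"\\Tasks\\(?P<name>[^\\]+\.job)$")
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\.job$")
TASK_TARGET_RE = re.compile(r"^- (?P<target>.+) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
POLICY_RE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>network\.proxy\.\S+) - (?P<value>\S+)$")


def triage(combofix_text: str) -> list[Finding]:
    findings: list[Finding] = []
    proxy: dict[str, str] = {}
    pending_guid_task: str | None = None
    for raw in combofix_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Any entry whose path sits under a watch-listed vendor: BHO and
        #    toolbar DLLs, Run values, task targets and Firefox extensions.
        if any(marker in line.lower() for marker in PUP_MARKERS):
            findings.append(Finding("pup-addon", line))
        # 2. Scheduled tasks named by a bare GUID: remember the name, then pair
        #    it with the "- <target> [date]" line ComboFix prints right after.
        task = TASK_LINE_RE.search(line)
        if task:
            name = task.group("name")
            pending_guid_task = name if GUID_NAME_RE.match(name) else None
            continue
        target = TASK_TARGET_RE.match(line)
        if target and pending_guid_task:
            findings.append(Finding("guid-task",
                f"{pending_guid_task} launches {target.group('target')}; "
                "confirm what created it and with which arguments"))
            pending_guid_task = None
            continue
        # 3. UAC policy values that weaken elevation prompts, compared with the
        #    Windows 7 defaults PromptOnSecureDesktop=1, ConsentPromptBehaviorAdmin=5.
        policy = POLICY_RE.match(line)
        if policy:
            name, value = policy.group("name"), int(policy.group("value"))
            if name == "PromptOnSecureDesktop" and value != 1:
                findings.append(Finding("uac-policy",
                    f"{name}={value}: elevation prompts are not shown on the secure desktop"))
            elif name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(Finding("uac-policy",
                    f"{name}={value}: administrators elevate without any prompt"))
            continue
        # 4. Firefox proxy prefs are collected and judged after the loop.
        pref = FF_PREF_RE.match(line)
        if pref:
            proxy[pref.group("name")] = pref.group("value")
    host = proxy.get("network.proxy.http")
    if host in ("127.0.0.1", "localhost"):
        port = proxy.get("network.proxy.http_port", "?")
        mode = proxy.get("network.proxy.type", "unset")
        state = "active" if mode == "1" else "dormant"  # 1 = manual proxy configuration
        findings.append(Finding("firefox-proxy",
            f"HTTP proxy set to {host}:{port}, {state} (network.proxy.type={mode}); "
            "a loopback proxy usually belongs to a local interception component"))
    return findings


if __name__ == "__main__":
    for finding in triage(COMBOFIX_EXCERPT):
        print(f"[{finding.category}] {finding.detail}")
```

The report shows only each task's target, not its arguments, so a GUID-named task that launches iexplore.exe is a "go and look in Task Scheduler" item rather than a verdict. The loopback proxy is reported as dormant because network.proxy.type is 0 (direct connection); at 1 it would be in use.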
  17. The Firewall still doesn't turn on. The error messages are attached: I turned off Security Essentials and have attached its resulting screen print:
  18. Maurice, I think I had PC Cleaner installed (it must have been the last one I tested because it is still showing in the Security Action Center); I had removed it from my system. I downloaded the MS Security Essentials. During setup, it told me that it couldn't start the Firewall and that I'd have to do it manually. I'll wait to see what you say to do. I ran a scan (I think the default was a Quick Scan). It didn't find any infections (but then, that is the only response I have gotten from all the programs I've tested). Here is a screen print: I've been forgetting to tell you that I tried to connect to this PC from the other one in the Home Network. It had done so successfully until recently. It started asking for a password. My logon password didn't work. I couldn't access this PC from the other P. Additionally, the other PC just doesn't show up on the Network from this PC. What?
  19. OTL
>=============================<
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\ not found.
File 4965-11D4-9B18-009027A5CD4F} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\ not found.
File ABDE-46EB-B09E-D2AAB95CABE3} not found.
========== FILES ==========
recycler not found in C:\
C:\Users\Bill Halliday\AppData\Local\8c86sn2o82c367 moved successfully.
C:\ProgramData\8c86sn2o82c367 moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13443de7-ec37-11df-a4f8-00214f566bea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13443de7-ec37-11df-a4f8-00214f566bea}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Bill Halliday
->Temp folder emptied: 271812418 bytes
->Temporary Internet Files folder emptied: 101601297 bytes
->Java cache emptied: 182135 bytes
->FireFox cache emptied: 99788799 bytes
->Google Chrome cache emptied: 125578982 bytes
->Flash cache emptied: 28589 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33488 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95141089 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 410167060 bytes
Total Files Cleaned = 1,053.00 mb
Restore point Set: OTL Restore Point
[EMPTYFLASH]
User: Administrator
User: All Users
User: Bill Halliday
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 02132012_112504
Files\Folders moved on Reboot...
C:\Users\Bill Halliday\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bill Halliday\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS2B47ZZ\32[1].png moved successfully.
C:\Users\Bill Halliday\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZ0N8JD5\14[1].png moved successfully.
C:\Users\Bill Halliday\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZ0N8JD5\14[2].png moved successfully.
File\Folder C:\Windows\temp\hsperfdata_OWNER-PC$\2784 not found!
File\Folder C:\Windows\temp\hsperfdata_OWNER-PC$\2840 not found!
Registry entries deleted on Reboot...
Stinger
>=============================<
McAfee® Labs Stinger™ Version 10.2.0.507 built on Feb 13 2012
Copyright © 2011 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Feb 13 2012.
Ready to scan for 4050 viruses, trojans and variants.
Scan initiated on Mon Feb 13 11:51:43 2012
Rootkit scan result : Not Scanned
Master Boot Record(s):....1 Possibly Infected:.............0
Boot Sector(s):.................1 Possibly Infected: ............0
Number of clean files: 44911
  20. Here are the results of the OTL and ESET runs today. I don't know why the log file from OTL was so short, but here are the two logs: There were 18 infections found by ESET. All were deleted/quarantined by ESET.
OTL Log
>==============================================<
All processes killed
========== PROCESSES ==========
No active process named :OTL was found!
No active process named WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} was found!
No active process named WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} was found!
No active process named :files was found!
No active process named recycler /alldrives was found!
No active process named 8c86sn2o82c367 was found!
No active process named 8c86sn2o82c367 was found!
No active process named :reg was found!
No active process named Explorer] was found!
No active process named "HideSCAHealth"=- was found!
No active process named "NoActiveDesktop"=- was found!
No active process named {13443de7-ec37-11df-a4f8-00214f566bea}] was found!
No active process named :Commands was found!
No active process named [emptytemp] was found!
No active process named [CREATERESTOREPOINT] was found!
No active process named [EMPTYFLASH] was found!
No active process named [Reboot] was found!
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_114425
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
ESET Online Scan Log
>==============================================<
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=91f2ba9817af3144a3f873b3d78db48c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-12 08:45:01
# local_time=2012-02-12 02:45:01 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 2036116 80614684 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 4 3789126 3789126 0 0
# scanned=209391
# found=18
# cleaned=18
# scan_time=8267
C:\Users\Bill Halliday\AppData\Local\Mozilla\Firefox\Profiles\ynulddlp.default\Cache\CFB24FA2d01 a variant of Win32/Adware.Topckit application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\AppData\Local\Temp\ICReinstall\cnet2_w32-462_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\DownloadManager_Setup.exe a variant of Win32/Adware.iBryte.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\IOBit\imf-setup.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\IOBit\is360setupv1.6.1.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\IOBit\Malware Fighter setupv1.1.1.2.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\IOBit\Advanced System Care\asc-setup-v4.1 Free.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\email clients\Pegasus\cnet2_w32-462_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\File Utilities\Defrag\defragsetupv2.0.1.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Graphics\GIMP\gimp-setup_us.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Test My Hardware\test my hardware repair.exe Win32/Adware.ErrorRepairPro application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Test My Hardware\Test My Hardware.exe Win32/Adware.ErrorRepairPro application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Video\installer-for-quicktime.exe probably a variant of MSIL/Agent.NGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Video\vdownloader_setup.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Video\YouTube FastDownloader setup.exe Win32/Adware.Bundlore application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Entertainment\Kazulah Horoscope.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Internet and Other Programs\Premium TV\PremiumSoftwarePackage\setup_PremiumDownloadsForPC.msi Win32/Tool.EvID4226 application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Television\Premium TV\PremiumSoftwarePackage\setup_PremiumDownloadsForPC.msi Win32/Tool.EvID4226 application (deleted - quarantined) 00000000000000000000000000000000 C
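The ESET report in the post above lists its 18 detections as flat lines, and the first question a responder asks of such a list is where the files sat: running components under Program Files or the Windows directory, or downloaded installers and cached content that were never installed from a system path. As an added example (the editor's code, not part of the post and not ESET tooling), the Python below parses those detection lines, constructed inline as sample input, and groups them by detection family and by location. The line format is inferred from the report; the location buckets and the decision to fail loudly on an unparseable detection line are the editor's choices.

```python
from __future__ import annotations

import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: the 18 detection lines copied from the ESET Online
# Scanner report above (header lines omitted; the parser skips them anyway).
ESET_LOG = r"""
C:\Users\Bill Halliday\AppData\Local\Mozilla\Firefox\Profiles\ynulddlp.default\Cache\CFB24FA2d01 a variant of Win32/Adware.Topckit application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\AppData\Local\Temp\ICReinstall\cnet2_w32-462_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\DownloadManager_Setup.exe a variant of Win32/Adware.iBryte.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\IOBit\imf-setup.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\IOBit\is360setupv1.6.1.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\IOBit\Malware Fighter setupv1.1.1.2.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\IOBit\Advanced System Care\asc-setup-v4.1 Free.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\email clients\Pegasus\cnet2_w32-462_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\File Utilities\Defrag\defragsetupv2.0.1.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Graphics\GIMP\gimp-setup_us.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Test My Hardware\test my hardware repair.exe Win32/Adware.ErrorRepairPro application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Test My Hardware\Test My Hardware.exe Win32/Adware.ErrorRepairPro application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Video\installer-for-quicktime.exe probably a variant of MSIL/Agent.NGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Video\vdownloader_setup.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Computer\Video\YouTube FastDownloader setup.exe Win32/Adware.Bundlore application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Entertainment\Kazulah Horoscope.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Internet and Other Programs\Premium TV\PremiumSoftwarePackage\setup_PremiumDownloadsForPC.msi Win32/Tool.EvID4226 application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Bill Halliday\Downloads\Television\Premium TV\PremiumSoftwarePackage\setup_PremiumDownloadsForPC.msi Win32/Tool.EvID4226 application (deleted - quarantined) 00000000000000000000000000000000 C
"""

# One detection line: <path> <detection name> (<action>) <hex hash> <flag>.
# The path may contain spaces, so it is matched lazily up to the name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<name>(?:probably )?(?:a variant of )?(?:Win32|MSIL)/\S+ (?:application|trojan)) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]+) "
    r"(?P<flag>\S)$"
)
FAMILY_RE = re.compile(r"(?:Win32|MSIL)/\S+")
PATH_START_RE = re.compile(r"^[A-Za-z]:\\")


def classify_location(path: str) -> str:
    """Bucket a path by what its location implies (assumed buckets, editor's own)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "downloads" in parts:
        return "user downloads"
    if "cache" in parts or "temporary internet files" in parts:
        return "browser cache"
    if "temp" in parts:
        return "temp"
    if parts[1:2] in (["program files"], ["program files (x86)"], ["windows"]):
        return "installed/system"
    return "other"


def parse_eset_log(text: str) -> list[dict]:
    findings: list[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not PATH_START_RE.match(line):
            continue  # "# key=value" header and banner lines carry no detection
        match = LINE_RE.match(line)
        if match is None:
            # A detection line we cannot parse must not vanish from the summary.
            raise ValueError(f"unrecognised detection line: {line!r}")
        rec = match.groupdict()
        rec["family"] = FAMILY_RE.search(rec["name"]).group(0)
        rec["kind"] = "trojan" if rec["name"].endswith("trojan") else "application"
        rec["location"] = classify_location(rec["path"])
        findings.append(rec)
    return findings


def summarize(findings: list[dict]) -> dict:
    return {
        "total": len(findings),
        "by_family": Counter(f["family"] for f in findings),
        "by_location": Counter(f["location"] for f in findings),
        "trojans": [f["path"] for f in findings if f["kind"] == "trojan"],
        "not_quarantined": [f["path"] for f in findings if "quarantined" not in f["action"]],
    }


if __name__ == "__main__":
    summary = summarize(parse_eset_log(ESET_LOG))
    print(f"{summary['total']} detections")
    for family, count in summary["by_family"].most_common():
        print(f"  {count:2d}  {family}")
    print("by location:", dict(summary["by_location"]))
    print("trojans:", summary["trojans"] or "none")
    print("not quarantined:", summary["not_quarantined"] or "none")
```

For this report every detection sits under the user's Downloads folder, the Firefox cache or a Temp folder (installers and cached content, nothing under Program Files or the Windows directory) and every action ends in "quarantined". The single entry classed as a trojan is a heuristic hit ("probably a variant of") on a downloaded installer; the five Win32/Toolbar.Widgi hits are all IObit and defrag setup packages, which is consistent with bundled toolbars rather than a running infection.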
  21. Maurice, I encountered an Antivirus Software Detected message when trying to start ESET: Windows Defender. I checked on Windows Defender and got these messages: Should I ignore the message and continue on, or should I try doing something about the hung-up Windows Defender?