Jump to content

olsoncol

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Everything has worked so far. Thank you so much for the help. Huge stress relief has been lifted.
  2. Uninstalled, re-installed. Currently does not show up in Chrome browser. This is the second time doing this. The first time, after re-installing, I logged into chrome with my gmail account that was originally linked to my chrome browser and it popped back up with the tab. I feel it might be infected in my email username and password. Any ideas? . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Collin at 18:12:10 on 2012-10-13 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1673 [GMT -7:00] . AV: Norton Business Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Business Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\rundll32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\dlbccoms.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\alg.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Synaptics\SynTP\SynTPHelper.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\DllHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local uInternet Settings,ProxyServer = http=127.0.0.1:51210 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton business suite\engine\5.2.2.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton business suite\engine\5.2.2.3\ips\IPSBHO.DLL TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton business suite\engine\5.2.2.3\coIEPlg.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36 TCP: Interfaces\{8135E2CF-7040-4017-A442-4F0357762DA7} : DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36 mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20121009.001\IDSvix86.sys [2012-10-10 386720] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960] R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-3 135664] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-4 399432] R2 N360;Norton Business Suite;c:\program files\norton business suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-10 106656] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-3 22856] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-3 676936] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-5 250808] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-3 135664] S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320] S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 42752] S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2010-11-3 23608] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-10-09 19:28:42 6980552 ------w- c:\programdata\microsoft\windows defender\definition updates\{d268d7e3-1434-4ffa-9504-3432c98c24a9}\mpengine.dll 2012-10-09 19:22:56 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-09 19:22:56 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-09 19:22:56 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-09 19:22:41 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-09 19:22:34 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-09 19:22:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-09 19:22:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-09 00:28:21 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-10-08 16:40:02 -------- d-----w- c:\program files\ESET 2012-10-05 16:15:47 -------- d-----w- C:\3656c5c6c724db7808abe7a117434b 2012-10-05 15:41:37 -------- d-----w- C:\_OTL 2012-10-05 14:56:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-05 14:56:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-04 14:23:50 -------- d-----w- c:\program files\trend micro 2012-10-03 00:02:30 6980552 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll 2012-10-02 02:34:47 -------- d-----w- C:\N360_BACKUP 2012-10-02 01:39:52 -------- d-----w- C:\$RECYCLE.BIN 2012-10-02 01:35:53 -------- d-----w- c:\users\collin\appdata\local\temp 2012-10-02 01:10:57 98816 ----a-w- c:\windows\sed.exe 2012-10-02 01:10:57 518144 ----a-w- c:\windows\SWREG.exe 2012-10-02 01:10:57 256000 ----a-w- c:\windows\PEV.exe 2012-10-02 01:10:57 208896 ----a-w- c:\windows\MBR.exe 2012-10-02 00:51:30 -------- d-----w- c:\users\collin\appdata\local\Avg2013 2012-09-27 19:57:48 -------- d-----w- c:\program files\common files\Bitdefender 2012-09-27 15:14:45 -------- d-----w- c:\users\collin\appdata\roaming\TuneUp Software 2012-09-27 15:01:35 -------- d--h--w- c:\programdata\Common Files 2012-09-27 15:01:35 -------- d-----w- c:\users\collin\appdata\local\MFAData 2012-09-27 15:01:35 -------- d-----w- c:\programdata\MFAData 2012-09-27 03:23:15 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-27 03:17:13 -------- d-----w- c:\program files\iPod 2012-09-27 03:16:58 -------- d-----w- c:\program files\iTunes 2012-09-26 16:30:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(362) 2012-09-25 17:31:45 -------- d-----w- c:\program files\doubleTwist 2.0 2012-09-25 17:04:08 -------- d-----w- c:\users\collin\appdata\local\AirParrot 2012-09-23 00:38:25 -------- d-----w- c:\program files\MediaMall 2012-09-23 00:36:20 -------- d-----w- c:\programdata\MediaMall 2012-09-19 20:45:20 -------- d-----w- c:\program files\iPod(360) 2012-09-19 20:45:13 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-09-19 20:45:13 -------- d-----w- c:\program files\iTunes(361) . ==================== Find3M ==================== . 2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll . ============= FINISH: 18:13:13.57 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/19/2008 9:28:30 AM System Uptime: 10/13/2012 5:58:01 PM (1 hours ago) . Motherboard: Quanta | | 30CF Processor: AMD Turion 64 X2 Mobile Technology TL-60 | Socket S1 | 800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 137 GiB total, 18.609 GiB free. D: is FIXED (NTFS) - 12 GiB total, 1.992 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000001 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000001 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000000 Service: . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) Adobe Shockwave Player Adobe Shockwave Player 11.6 Amazon MP3 Downloader 1.0.17 AppInventor Setup Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft MediaConverter 2 Atheros Driver Installation Program Bonjour Canon MP Navigator EX 2.0 Canon MP240 series MP Drivers Canon MP240 series User Registration Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu Cards_Calendar_OrderGift_DoMorePlugout CCleaner Cisco Connect Citrix Presentation Server Client Compatibility Pack for the 2007 Office system Conexant HD Audio CPC Lite Plugin DVD Suite ERUNT 1.1j ESET Online Scanner v3 Google Chrome Google Drive Google Update Helper Hauppauge MCE XP/Vista Software Encoder (2.0.25149) HDAUDIO Soft Data Fax Modem with SmartCP Hewlett-Packard Active Check Hewlett-Packard Asset Agent for Health Check Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Active Support Library HP Customer Experience Enhancements HP Doc Viewer HP Easy Setup - Frontend HP Games HP Help and Support HP Integrated Module with Bluetooth wireless technology 6.0.1.5500 HP Photosmart Essential 2.5 HP Quick Launch Buttons 6.30 E1 HP QuickPlay 3.6 HP QuickTouch 1.00 C4 HP Smart Web Printing HP Total Care Advisor HP Update HP User Guides 0087 HP Wireless Assistant HPNetworkAssistant HPPhotoSmartDiscLabel_PaperLabel HPPhotoSmartDiscLabel_PrintOnDisc HPPhotoSmartDiscLabel_Tattoo HPPhotoSmartDiscLabelContent1 hpphotosmartdisclabelplugin HPPhotoSmartPhotobookHolidayPack1 HPPhotoSmartPhotobookModernPack1 HPPhotoSmartPhotobookPlayfulPack1 HPPhotoSmartPhotobookScrapbookPack1 HPPhotoSmartPhotobookWebPack1 Inkjet Printer/Scanner Extended Survey Program iTunes K-Lite Codec Pack 8.4.0 (Basic) LabelPrint LightScribe System Software 1.10.13.1 LiveUpdate (Symantec Corporation) Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works MotoHelper 2.0.40 Driver 4.8.0 MotoHelper MergeModules Motorola Mobile Drivers Installation 5.4.0 MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Music Manager muvee autoProducer 6.1 Netflix Movie Viewer NetWaiting Norton Business Suite NVIDIA Drivers NVIDIA PhysX v8.10.29 OGA Notifier 2.0.0048.0 Power2Go PowerDirector PSSWCORE RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 RSDLite Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Skifta swMSM Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB957244) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB957246) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Publisher 2007 Help (KB957249) VC80CRTRedist - 8.0.50727.6195 VideoToolkit01 WeatherBug Gadget Windows Media Player Firefox Plugin . ==== Event Viewer Messages From Past Week ======== . 10/8/2012 9:30:42 AM, Error: EventLog [6008] - The previous system shutdown at 9:29:01 AM on 10/8/2012 was unexpected. 10/8/2012 9:28:31 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). 10/8/2012 9:28:31 AM, Error: Service Control Manager [7031] - The Norton Business Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 10/8/2012 8:56:42 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}. The error: "2" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe -Embedding 10/8/2012 5:23:33 PM, Error: EventLog [6008] - The previous system shutdown at 5:06:17 PM on 10/8/2012 was unexpected. 10/8/2012 3:01:03 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 10/8/2012 3:00:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv Wanarpv6 10/8/2012 3:00:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/8/2012 2:59:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/8/2012 2:59:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 10/8/2012 2:59:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/8/2012 2:59:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/7/2012 8:40:24 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document 1299.pdf, owned by Collin, failed to print on printer Canon MP240 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 146260. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\COLIN. Win32 error code returned by the print processor: 1. Incorrect function. 10/7/2012 8:37:56 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Olson Confirmation _1_.doc, owned by Collin, failed to print on printer Canon MP240 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 66104. Number of bytes printed: 26152. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\COLIN. Win32 error code returned by the print processor: 1. Incorrect function. 10/7/2012 7:32:09 AM, Error: EventLog [6008] - The previous system shutdown at 3:42:27 PM on 10/6/2012 was unexpected. 10/7/2012 6:01:50 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:33 PM on 10/7/2012 was unexpected. 10/6/2012 1:07:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.137.1152.0). 10/13/2012 5:59:41 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 10/13/2012 5:57:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.137.1642.0). 10/10/2012 3:10:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 10/10/2012 3:10:22 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/10/2012 3:03:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} . ==== End Of File ===========================
  3. OTL has locked up on me 5 times now. It says it is not responding. So I continued onto the next step and did the scan through IE. After its completion, Chrome still has the Snap.do search tab opened up. Here is the log.txt ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ebf9de406708464c82d84476530e155b # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-08 09:12:58 # local_time=2012-10-08 02:12:58 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=3584 16777215 100 0 0 0 0 0 # compatibility_mode=5892 16776574 100 100 68266 186322340 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=230555 # found=2 # cleaned=2 # scan_time=15965 C:\Users\Collin\Downloads\cnet2_Setup_Dolphin3D_v1_52_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Collin\Downloads\ilividsetupv1.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  4. The OTL program keeps not responding after initiating running the scan
  5. OTL logfile created on: 10/4/2012 12:53:29 PM - Run 1 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Collin\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.94 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.32% Memory free 6.08 Gb Paging File | 5.04 Gb Available in Paging File | 82.85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 137.28 Gb Total Space | 17.93 Gb Free Space | 13.06% Space Free | Partition Type: NTFS Drive D: | 11.77 Gb Total Space | 1.99 Gb Free Space | 16.93% Space Free | Partition Type: NTFS Computer Name: COLIN | User Name: Collin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/04 12:51:03 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Collin\Downloads\OTL.exe PRC - [2012/09/16 14:46:15 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccsvchst.exe PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe PRC - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2007/03/01 16:52:04 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe ========== Modules (No Company Name) ========== MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2007/12/19 19:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ========== Services (SafeList) ========== SRV - [2012/09/26 19:37:30 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2009/02/19 13:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2009/02/19 13:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SRV - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007/03/01 16:52:04 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012/09/26 16:24:50 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121004.002\NAVEX15.SYS -- (NAVEX15) DRV - [2012/09/26 16:24:49 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121004.002\NAVENG.SYS -- (NAVENG) DRV - [2012/09/25 15:37:04 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121003.001\IDSvix86.sys -- (IDSVix86) DRV - [2012/09/19 22:28:58 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/08/09 07:12:16 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/08/09 07:12:16 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/10/19 10:49:15 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011/04/20 18:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv) DRV - [2011/04/04 15:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp) DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP) DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX) DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA) DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS) DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON) DRV - [2010/09/11 08:04:34 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MusCAudio.sys -- (MusCAudio) DRV - [2009/07/10 14:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb) DRV - [2009/05/08 12:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev) DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl) DRV - [2008/12/04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/12/06 13:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/09/09 15:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid) DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/03/06 19:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/02/16 14:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E} IE - HKLM\..\SearchScopes\{3925FC94-8FDF-4529-82E1-B1E9CBBB30D1}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392 IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{C36CE9A6-1529-404B-B2A2-1F95AEF0F71F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*;*.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51210 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Collin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Collin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/01 07:55:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/09/26 17:09:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/10/04 12:30:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/01 07:55:52 | 000,000,000 | ---D | M] [2011/12/20 10:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/02/08 10:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2007/08/24 19:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll [2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll [2008/01/07 17:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2011/01/18 18:23:39 | 001,286,144 | ---- | M] (Cartesian Products, Inc. For more information, visit http://www.cartesianinc.com) -- C:\Program Files\mozilla firefox\plugins\NPCPC32.dll [2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2011/09/29 16:58:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old ========== Chrome ========== CHR - homepage: http://www.yahoo.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.yahoo.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Google Search = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Calendar = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\ CHR - Extension: Isoball 3 = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\ CHR - Extension: Google Play Music = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\ CHR - Extension: Autodesk Homestyler = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\ CHR - Extension: Google Maps = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: Gmail = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/10/01 18:39:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Unable to open value key) O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab (ZPA_DMNO Object) O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Unable to open value key) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Unable to open value key) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Unable to open value key) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8135E2CF-7040-4017-A442-4F0357762DA7}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Collin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Collin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/03/10 11:27:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/10/04 07:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2012/10/04 07:23:48 | 000,000,000 | ---D | C] -- C:\rsit [2012/10/01 19:34:47 | 000,000,000 | ---D | C] -- C:\N360_BACKUP [2012/10/01 18:50:57 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/10/01 18:39:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/10/01 18:35:53 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\temp [2012/10/01 18:10:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/10/01 18:10:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/10/01 18:10:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/10/01 17:57:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/10/01 17:51:30 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\Avg2013 [2012/10/01 17:38:45 | 004,759,381 | R--- | C] (Swearware) -- C:\Users\Collin\Desktop\ComboFix.exe [2012/10/01 09:17:48 | 000,000,000 | ---D | C] -- C:\Users\Collin\Desktop\RK_Quarantine [2012/10/01 09:13:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/10/01 09:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/10/01 09:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/09/27 12:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2012/09/27 08:14:45 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\TuneUp Software [2012/09/27 08:01:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/09/27 08:01:35 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\MFAData [2012/09/27 08:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/09/27 07:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/09/27 03:02:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/09/27 03:02:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/09/27 03:02:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/09/27 03:02:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/09/27 03:02:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/09/27 03:02:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/09/27 03:02:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/09/27 03:02:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/09/26 20:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/09/26 20:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/09/26 20:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/09/26 20:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012/09/26 09:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(362) [2012/09/25 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\doubleTwist 2.0 [2012/09/25 10:04:08 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\AirParrot [2012/09/25 09:56:54 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\BitTorrent [2012/09/22 17:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMall [2012/09/22 17:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall [2012/09/19 13:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(360) [2012/09/19 13:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(361) [2012/09/19 13:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/09/05 09:48:04 | 000,000,000 | --SD | C] -- C:\Users\Collin\Google Drive [2012/09/05 09:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012/09/04 16:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012/09/04 16:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2012/09/04 15:58:12 | 000,000,000 | ---D | C] -- C:\Upload [2012/09/04 15:53:21 | 000,000,000 | ---D | C] -- C:\AllShare Play ========== Files - Modified Within 30 Days ========== [2012/10/04 12:52:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/04 12:36:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/04 12:31:56 | 000,103,550 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/10/04 12:30:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/04 12:30:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/04 12:30:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/04 12:29:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/04 12:28:40 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/10/04 12:05:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000UA.job [2012/10/04 11:37:09 | 000,103,550 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/10/04 11:15:09 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012/10/03 20:23:37 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000Core.job [2012/10/01 20:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Collin.job [2012/10/01 18:39:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/10/01 17:39:01 | 004,759,381 | R--- | M] (Swearware) -- C:\Users\Collin\Desktop\ComboFix.exe [2012/09/27 08:21:21 | 000,002,009 | ---- | M] () -- C:\Users\Collin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/09/26 20:23:25 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/26 19:37:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/09/26 19:37:26 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/09/26 16:39:58 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/09/26 16:39:58 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/09/18 09:53:12 | 000,002,627 | ---- | M] () -- C:\Users\Collin\Desktop\Microsoft Office Word 2007.lnk [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/05 21:42:30 | 002,709,771 | ---- | M] () -- C:\Users\Collin\Desktop\ash canon 2012 part 2 163 (2).jpg [2012/09/04 13:18:17 | 000,107,520 | ---- | M] () -- C:\Users\Collin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2049/12/31 16:00:00 | 000,064,385 | ---- | C] () -- C:\Users\Collin\Documents\image014.jpg [2012/10/01 18:10:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/10/01 18:10:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/10/01 18:10:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/10/01 18:10:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/10/01 18:10:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/09/26 20:23:24 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/26 20:12:51 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/09/05 21:42:36 | 002,709,771 | ---- | C] () -- C:\Users\Collin\Desktop\ash canon 2012 part 2 163 (2).jpg [2012/09/04 16:02:44 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012/03/23 17:56:17 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7 [2011/12/01 10:49:29 | 000,000,000 | ---- | C] () -- C:\Users\Collin\AppData\Local\{3CD2CB79-F946-46D8-802D-750142418466} [2011/08/21 07:28:18 | 000,000,772 | ---- | C] () -- C:\Users\Collin\BitTorrent.lnk [2011/08/16 19:09:28 | 000,001,928 | ---- | C] () -- C:\Users\Collin\Launch iRemote.exe.lnk [2011/08/16 18:42:22 | 000,000,840 | ---- | C] () -- C:\Users\Collin\GmoteServer.lnk [2011/05/26 20:09:19 | 000,000,000 | ---- | C] () -- C:\Users\Collin\AppData\Local\{E4385BC2-843A-43B3-A587-D1234CCD2EC7} [2011/05/19 20:15:10 | 000,001,940 | ---- | C] () -- C:\Users\Collin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/12/28 11:46:15 | 000,001,600 | ---- | C] () -- C:\Users\Collin\Tunatic.lnk [2010/04/02 09:44:50 | 000,024,206 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\UserTile.png [2010/04/02 09:27:22 | 000,002,270 | ---- | C] () -- C:\Users\Collin\Norton Business Suite.lnk [2010/04/02 09:24:45 | 000,000,940 | ---- | C] () -- C:\Users\Collin\Norton Installation Files.lnk [2009/07/22 15:55:16 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2009/06/05 01:02:47 | 000,000,680 | ---- | C] () -- C:\Users\Collin\AppData\Local\d3d9caps.dat [2009/02/22 04:03:12 | 000,103,550 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/02/22 04:03:12 | 000,103,550 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008/08/27 11:17:08 | 000,001,402 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\wklnhst.dat [2008/06/07 14:51:50 | 000,000,935 | ---- | C] () -- C:\Users\Collin\DivX Player.lnk [2008/06/07 14:51:36 | 000,000,946 | ---- | C] () -- C:\Users\Collin\DivX Converter.lnk [2008/04/25 15:00:38 | 000,000,751 | ---- | C] () -- C:\Users\Collin\Windows Mobile Device Center.lnk [2008/04/25 14:36:58 | 000,002,335 | ---- | C] () -- C:\Users\Collin\Windows Mobile® Device Handbook.lnk [2008/04/18 13:04:34 | 000,027,430 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\nvModes.001 [2008/04/17 22:02:09 | 000,107,520 | ---- | C] () -- C:\Users\Collin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/04/17 21:29:06 | 000,027,430 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\nvModes.dat ========== ZeroAccess Check ========== [2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/08/14 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Amazon [2012/10/01 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\BitTorrent [2010/04/11 22:15:46 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Canon [2011/06/02 19:31:01 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\com.amazon.music.uploader [2011/12/20 12:27:46 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Dolphin3D Web Browser [2010/08/04 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\DriverCure [2011/12/14 12:51:25 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Dropbox [2010/11/03 13:41:14 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\DVDVideoSoftIEHelpers [2011/12/26 10:50:15 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Fiabee [2010/03/24 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\GARMIN [2012/06/01 07:55:38 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Gmote [2011/01/18 18:24:37 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\ICAClient [2011/08/16 19:17:40 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\iRemote for iTunes [2010/03/28 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\MyPublisher [2012/09/25 10:31:32 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\OpenCandy [2011/12/20 10:38:33 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Opera [2010/04/02 09:44:50 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\PeerNetworking [2012/08/05 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Samsung [2008/08/27 11:17:10 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Template [2010/04/20 17:27:42 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Tific [2011/05/05 09:29:19 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\ToddCD [2012/09/27 08:14:45 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\TuneUp Software [2012/03/24 10:19:46 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\TwonkyMedia [2008/05/03 12:38:51 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report > OTL Extras logfile created on: 10/4/2012 12:53:29 PM - Run 1 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Collin\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.94 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.32% Memory free 6.08 Gb Paging File | 5.04 Gb Available in Paging File | 82.85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 137.28 Gb Total Space | 17.93 Gb Free Space | 13.06% Space Free | Partition Type: NTFS Drive D: | 11.77 Gb Total Space | 1.99 Gb Free Space | 16.93% Space Free | Partition Type: NTFS Computer Name: COLIN | User Name: Collin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1" ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02254587-0660-42E2-A37D-6375E23851DD}" = lport=9055 | protocol=6 | dir=in | name=beam tcp 9055 | "{0677E3C2-8191-4AC5-8077-B269C3CD637A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1048B93F-F25C-4B76-983F-E769023A3342}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{114877F6-5723-48D9-AB38-2F38CB63A45E}" = rport=137 | protocol=17 | dir=out | app=system | "{15EA62F3-F732-4556-9BCA-203D4F569A5B}" = lport=9000 | protocol=6 | dir=in | name=beam tcp 9000 | "{2096CDB6-5948-4AE4-ABFD-39AF87DE675E}" = lport=9085 | protocol=6 | dir=in | name=beam tcp 9085 | "{21E4D81C-91D0-46F4-8EF5-5660B485A679}" = lport=9443 | protocol=6 | dir=in | name=beam tcp https 9443 | "{3495FFB6-A8E7-48D8-BC93-24C00AA0CF2C}" = rport=139 | protocol=6 | dir=out | app=system | "{39AE9DA6-B915-4BFC-9167-B5FBFA358750}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{452E512B-33B0-4A18-989C-9811F3F1347A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{472C51F8-2848-408C-9D25-6D02BF8CDAD6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4E16EF43-111D-4785-9AA2-FA6B8DB678EF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{508825AB-E107-42BD-ACE7-6068FBBA2548}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{52241BCC-6159-4AFD-9D87-4F9799C72F01}" = lport=1900 | protocol=17 | dir=in | name=beam udp 1900 | "{544286C3-1749-41DB-8A7F-DF436DD1E6E9}" = lport=138 | protocol=17 | dir=in | app=system | "{67E015C5-4EDF-42C8-8F59-3B4407AE65B0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{6823B451-165A-4FE7-9646-9CD46BFFB1D9}" = lport=9050 | protocol=6 | dir=in | name=beam tcp 9050 | "{68EBB60D-DA90-4C61-B7D6-220DA20D2D22}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{6E33BDC6-7E67-4B17-B7E0-DB88FA19AD92}" = lport=80 | protocol=6 | dir=in | name=www | "{73B7110B-7BC8-445F-B74B-0404D6370E0A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{853A796D-36A5-4470-A26F-0A6C18FB2C8F}" = rport=2869 | protocol=6 | dir=out | app=system | "{8E524E5D-5690-4D91-8948-1D70197910E4}" = rport=445 | protocol=6 | dir=out | app=system | "{8EB750E5-EE4C-481E-A1CB-E80043ACD48E}" = lport=137 | protocol=17 | dir=in | app=system | "{9118B4D4-9F38-4A6A-9841-58766684F6CF}" = rport=138 | protocol=17 | dir=out | app=system | "{92466AFE-B69A-4856-B46C-5D2351313096}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{9722C6D7-825D-4675-9E88-E2E5A8124B36}" = lport=1030 | protocol=17 | dir=in | name=beam udp 1030 | "{9C481934-9713-49C5-B638-C9CEA536E1B9}" = lport=139 | protocol=6 | dir=in | app=system | "{A9037044-09A0-4E44-9BEA-87EA2D117328}" = lport=445 | protocol=6 | dir=in | app=system | "{B1C066B0-EE09-4400-8202-581818BE9DB3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{B232CBA1-55D5-4BE3-8546-2ABDEDA55007}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B30ACFF0-4677-4F7B-89C7-40D8B010E787}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B5712F92-9986-4F4E-96B7-7A6E15EBE9A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B5CB7914-BEAF-4506-A4A7-F30A35A61044}" = lport=2869 | protocol=6 | dir=in | app=system | "{B764F5F5-E089-4CA3-8508-139B574E7BAF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B944D51C-5A39-4322-A21A-82D5A8E5F5C4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C35F8CA4-CFFC-4A03-8152-E02DD3FC57D3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{C4F80C78-B281-486D-92ED-06E601A7C3B9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{CA650904-E158-4816-A588-38593DF2BA8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{E45E0C87-DA1A-4446-9A17-614F961CE32C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F463A639-6845-46B3-9C8E-E2FE4FF77D9A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{020E0190-83A6-468E-B977-963D77083EA7}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe | "{0429329E-0464-4D91-A359-809821A0E16F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{04445D45-6A4A-4069-887D-60F4CE32DD59}" = protocol=6 | dir=in | app=c:\users\collin\appdata\roaming\dropbox\bin\dropbox.exe | "{0444A7E2-A0E6-4AC9-9088-FFC8612BEC68}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{05D3FAA0-F2DC-432F-AA2B-6F565814D674}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{0DD5D4E9-8A6A-4948-AA6D-CF431C256FD9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0DF5A112-97C8-40F0-B2FC-F41D6F056169}" = protocol=17 | dir=in | app=c:\users\collin\appdata\roaming\dropbox\bin\dropbox.exe | "{13C48498-D088-402E-B4F4-B5445DEBD5B5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{16AA263D-9033-4D93-95CA-B8B3A1529993}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{22E0E9D6-8490-43C6-9CB0-F0014A2FE810}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{23CA9194-7DD8-4BFC-AEC4-0B6BA30A5D1C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2B0B2066-EF4B-45A1-AF9D-519EF6AAB05E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2E5387CF-ABEA-4D3C-A958-B1DDBF35A2FF}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe | "{2FFE2449-05F4-431E-B5AA-DAF630828DF1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{37BFC098-018C-41B4-9AE7-DC0738B8C973}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3AF4F8A4-CCDD-4A39-A1FC-977548871D41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3E98C6C4-15B9-4051-A23F-F6D0F715A23D}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.1.01\allshareframeworkdms.exe | "{3F48D01A-C436-4493-B7B1-82101C466DDC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{40467612-7581-434E-9A45-61BF3D30B60C}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe | "{44564AEB-1026-4E6F-A166-B1C3AF12E200}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{467DC32E-D49C-41CC-A812-D199D77E1EFC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4703DB67-0E93-4BA5-A96F-6E06DA4F9816}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4D06C5FC-6852-4A34-A088-73590BE088A1}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe | "{5872FA9E-0538-4BF0-B2AB-38465D1DC56F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{5D64007D-FE46-4585-B943-284AEDFD7A28}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5F0600D4-CEE0-4818-AD9F-833D0A478A5C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{5F2FC6C5-C321-4CD5-9365-5673AEF1C565}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6547955F-23D1-4537-BC83-21F8E30D11F1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{661FCB3F-89E7-43A9-A4A5-7B0B28CE0276}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{68E9D3A7-3244-465B-8205-1872074419B7}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe | "{6925F328-E549-4BBA-9613-3F37EB3D7FD4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6D8B9C40-58D9-463E-9924-D609C410A883}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{719515F5-79A2-4D47-A8FF-86CAFE1FB1B8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{77403D5F-6275-4BF9-850C-91F062BD4BCB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{7A44CBBC-411E-4354-8062-AD28FD338EB7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{7BBCB8AE-ADBE-4E95-A333-27A3C09D875A}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.1.01\allshareframeworkdms.exe | "{87F79AD1-BD21-476A-B516-B972E3FF6F28}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8A22E4C1-35A0-4595-A65E-34ABCE509F9C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{93CFB6D0-CC6F-4C1D-BF8B-58F50A13D5BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{959D99AA-99C5-41F6-BF3F-D06F51DCD66B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{98E8A84D-2886-4508-829B-F6850DD9EB4A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9EF89A66-9698-4353-959C-C3313B2EC120}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{A128E15A-21E5-4116-B0EE-7525F3819603}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{A19CC7D8-AD09-41B8-B3A5-E326AF960F2F}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{AAE8AB9F-8CB6-4F64-A12C-32FAC604B459}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AD6604CC-C00B-4FA2-A352-506FA4E774FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B53F0FD3-E7F1-4D6F-8259-84C9CCC3E5CC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{B576D741-6854-4188-9EEF-727EC31E27C1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{B5875C76-9F0B-40BC-B49F-2D2F626C6AF6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B9828DD8-6D70-4375-9636-CE373C14E3C5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BA5EEA2E-05C8-4EB9-8076-7EFE11E3E863}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C35E272C-EAC3-41EE-AFD3-983BC5B19A4D}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe | "{C3A17885-2006-44A0-BBCE-CB704CC63323}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C56342BC-3F8B-4EB8-A499-E400EFFC7DFD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C7B8B992-BB38-45D5-B85A-9451546231F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CC562A60-C696-45FE-83ED-D811A8664BC2}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe | "{CCA180A2-1BAC-4810-B999-030CEA296419}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CD8F35A9-B415-4E0C-B6CD-69B3165FCDA9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CD9B3E7A-2547-44F3-B1E2-792F9CC36ADD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D17547D8-3C6E-484B-A190-E230CFE1985C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D3C2FAF9-630A-4C1F-B98B-2952DA65F1F3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{D528AE86-7F2B-46C5-B833-EA86D2E7A3E8}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{D6D02677-CB86-48BF-8F3D-B93177DA81FD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D822A908-F09D-42F0-AAE0-F47B3B68FE5F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DD2C67BA-446D-4A03-9B3D-6F283C62EBB2}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe | "{DD2E5FD2-CA66-4C02-8206-F1F49287F605}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{DFD1016D-6848-43FA-8D4F-76CC5BA5B7F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E6737F36-9699-4C47-A1B9-2CC61606C6A7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E9DB6F85-A56B-4119-83A7-ED8E21FF31AD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{EBD79006-D140-4DD3-8BA5-44078780CFEE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{EBE328C8-B33D-4C0F-AEDF-8F1E03417DFE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F3E5414A-3770-4806-9746-BFA96A796EB3}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe | "{F4E42785-A91D-44E7-BA6E-3B49D8976FAD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{F55BC89E-745A-4208-88C6-B6558614481F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{FC0B351C-91E1-4080-BEE5-BEB2DCDF064F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FCE21A2C-A02C-4786-A723-919B1FD4DB2F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "TCP Query User{00BFBE1D-A163-4B1F-AFE6-FA8E884C1074}C:\program files\skifta\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\skifta\jre\bin\javaw.exe | "TCP Query User{2CCF4357-54B8-4415-A930-C2F15E249CEF}C:\program files\twonky\twonkymanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files\twonky\twonkymanager\twonkymanager.exe | "TCP Query User{7C424AFD-F63D-439B-A0D2-EC7BD72CE333}C:\users\collin\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\collin\program files\dna\btdna.exe | "TCP Query User{FD3970CA-5268-46BB-8597-943E5F2109D0}C:\program files\twonky\twonkymanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files\twonky\twonkymanager\twonkyrenderer.exe | "UDP Query User{02443913-18D6-4D97-81E7-CF3C8294B754}C:\program files\skifta\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\skifta\jre\bin\javaw.exe | "UDP Query User{1E667E61-953A-4D9C-A20D-23343407BD5C}C:\program files\twonky\twonkymanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files\twonky\twonkymanager\twonkymanager.exe | "UDP Query User{1F50AA13-275F-42E6-9E1B-7A7A7253891C}C:\users\collin\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\collin\program files\dna\btdna.exe | "UDP Query User{B470C488-8F62-4AA8-BDCE-B360E4CB766A}C:\program files\twonky\twonkymanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files\twonky\twonkymanager\twonkyrenderer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500 "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1 "{1B15D991-5619-4BC1-B71E-3DE793B792FC}" = ArcSoft MediaConverter 2 "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support "{2DAFF979-5A46-44FA-B431-DAB8F0580683}" = RSDLite "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{42ACCB45-3363-47E0-94E9-F0074CC8BC56}" = Citrix Presentation Server Client "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C12B6BF-3891-497B-B5CA-3D64DA093947}" = Motorola Mobile Drivers Installation 5.4.0 "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91660892-8B9D-4C01-8ED8-6567447937EC}" = iRemote "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9DC9256-709F-4BEA-B39D-4F11D90585AA}" = HP Smart Web Printing "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1 "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17 "AppInventor Setup" = AppInventor Setup "Canon MP240 series User Registration" = Canon MP240 series User Registration "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "Cisco Connect" = Cisco Connect "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "CPC View Plugin" = CPC Lite Plugin "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ERUNT_is1" = ERUNT 1.1j "Google Updater" = Google Updater "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149) "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MotoHelper" = MotoHelper 2.0.40 Driver 4.8.0 "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "N360" = Norton Business Suite "NVIDIA Drivers" = NVIDIA Drivers "PROR" = Microsoft Office Professional 2007 "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "Skifta" = Skifta "SynTPDeinstKey" = Synaptics Pointing Device Driver "WildTangent hp Master Uninstall" = HP Games ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "MusicManager" = Music Manager ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/31/2012 10:47:01 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16941 Error - 7/31/2012 10:47:02 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/31/2012 10:47:02 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 17955 Error - 7/31/2012 10:47:02 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 17955 Error - 7/31/2012 10:47:03 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/31/2012 10:47:03 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 18969 Error - 7/31/2012 10:47:03 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 18969 Error - 7/31/2012 10:47:04 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/31/2012 10:47:04 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 19968 Error - 7/31/2012 10:47:04 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 19968 [ Media Center Events ] Error - 5/19/2008 7:08:32 PM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'. Error - 5/26/2008 11:19:56 AM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 6/1/2008 3:57:01 AM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'. Error - 6/9/2008 7:16:21 AM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 8/31/2008 6:01:29 AM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'. Error - 1/29/2009 11:20:35 AM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'. Error - 3/5/2009 1:36:14 PM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'. Error - 4/1/2009 9:19:54 AM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'. Error - 5/17/2009 1:37:27 AM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'. Error - 6/9/2009 2:44:25 PM | Computer Name = Colin | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 10/1/2012 11:10:17 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7001 Description = Error - 10/2/2012 8:11:28 PM | Computer Name = Colin | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 10/4/2012 2:21:49 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7000 Description = Error - 10/4/2012 2:22:59 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7022 Description = Error - 10/4/2012 2:22:59 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7001 Description = Error - 10/4/2012 2:33:40 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7034 Description = Error - 10/4/2012 2:37:32 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7000 Description = Error - 10/4/2012 3:31:44 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7000 Description = Error - 10/4/2012 3:33:20 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7009 Description = Error - 10/4/2012 3:33:20 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7000 Description = < End of report >
  6. Farbar Service Scanner Version: 19-09-2012 Ran by Collin (administrator) on 04-10-2012 at 12:49:34 Running from "C:\Users\Collin\Downloads" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  7. Results of screen317's Security Check version 0.99.51 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Norton Business Suite WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 CCleaner Adobe Flash Player 11.4.402.278 Adobe Reader X 10.1.3 Adobe Reader out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  8. Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.04.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Collin :: COLIN [administrator] Protection: Disabled 10/4/2012 11:46:14 AM mbam-log-2012-10-04 (11-46-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 208373 Time elapsed: 9 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Collin\Downloads\FlvPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully. (end)
  9. Chrome still has the snap.do tab opening. IE does not anymore. info.txt logfile of random's system information tool 1.09 2012-10-04 07:24:18 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} -->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe" -->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U -->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801 -->MsiExec /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C} 7-Zip 9.20-->"C:\Program Files\7-Zip\Uninstall.exe" Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624} Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0} Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe -maintain plugin Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001} Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A} Amazon MP3 Downloader 1.0.17-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe AppInventor Setup-->C:\Program Files\AppInventor\commands-for-Appinventor\uninstall.exe Apple Application Support-->MsiExec.exe /I{63EC2120-1742-4625-AA47-C6A8AEC9C64C} Apple Mobile Device Support-->MsiExec.exe /I{D4DDFAA1-EC37-4529-AD5B-A433ADE68662} Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} ArcSoft MediaConverter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B15D991-5619-4BC1-B71E-3DE793B792FC}\setup.exe" -l0x9 Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B} Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini Canon MP240 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series /L0x0009 Canon MP240 series User Registration-->C:\Program Files\Canon\IJEREG\MP240 series\UNINST.EXE Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Cisco Connect-->"C:\Program Files\Cisco Systems\Cisco Connect\Cisco Connect.exe" -uninstall Citrix Presentation Server Client-->MsiExec.exe /I{42ACCB45-3363-47E0-94E9-F0074CC8BC56} Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF CPC Lite Plugin-->C:\Windows\UnCpcVw.exe CPC View Plugin Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908} DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" Google Drive-->MsiExec.exe /X{EACCC042-848D-4166-9D97-B13D1D108722} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {99A120B0-F930-3427-A833-FAD753B85527} /parameterfolder Client HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly HP Games-->"C:\Program Files\HP Games\Uninstall.exe" HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4} HP Integrated Module with Bluetooth wireless technology 6.0.1.5500-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D} HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39} HP Smart Web Printing-->msiexec /i{A9DC9256-709F-4BEA-B39D-4F11D90585AA} HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7} HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7} HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E} HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C} HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4} Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R iRemote-->MsiExec.exe /I{91660892-8B9D-4C01-8ED8-6567447937EC} iTunes-->MsiExec.exe /I{0F6F6876-6334-4977-B5DD-CFC12E193420} K-Lite Codec Pack 8.4.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate" LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE} Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8} MotoHelper 2.0.40 Driver 4.8.0-->C:\Program Files\Motorola\MotoHelper\uninstall.exe MotoHelper MergeModules-->MsiExec.exe /I{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9} Motorola Mobile Drivers Installation 5.4.0-->MsiExec.exe /X{6C12B6BF-3891-497B-B5CA-3D64DA093947} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2} NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly Norton Business Suite-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\704bfc66\5.2.2.3\InstStub.exe /X /ARP NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI NVIDIA PhysX v8.10.29-->MsiExec.exe /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C} OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything RSDLite-->MsiExec.exe /I{2DAFF979-5A46-44FA-B431-DAB8F0580683} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9} Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9} Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46} Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46} Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75} Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75} Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391} Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391} Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C} Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C} Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {2623A96B-78E5-42CC-AB55-6A3969B32E36} Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2623A96B-78E5-42CC-AB55-6A3969B32E36} Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE} Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE} Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE} Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE} Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F} Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F} Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15} Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15} Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {EF5B5C7F-20CB-4A3A-AC3D-F5DE2C2BFDC7} Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EF5B5C7F-20CB-4A3A-AC3D-F5DE2C2BFDC7} Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640} Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640} Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BCF7F6B-4AC0-4915-83B2-5CFF6BE9BF77} Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7BCF7F6B-4AC0-4915-83B2-5CFF6BE9BF77} Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F} Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35} Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270} Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270} Skifta-->"C:\Program Files\Skifta\Uninstall Skifta.exe" swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Trojan Remover 6.8.5-->"C:\Program Files\Trojan Remover\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E} Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E} Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F} Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8B689F89-5E1C-4DA9-B2B1-7B3843275596} Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47} Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BBE715CA-02FD-4C5A-90BB-440A967DF05E} Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE} VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F} WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: Colin Event Code: 4376 Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Staged(Staged) state Record Number: 192088 Source Name: Microsoft-Windows-Servicing Time Written: 20111212235555.000000-000 Event Type: Warning User: COLIN\Collin Computer Name: Colin Event Code: 4376 Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Staged(Staged) state Record Number: 192087 Source Name: Microsoft-Windows-Servicing Time Written: 20111212235555.000000-000 Event Type: Warning User: COLIN\Collin Computer Name: Colin Event Code: 4376 Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Install Requested(Install Requested) state Record Number: 192041 Source Name: Microsoft-Windows-Servicing Time Written: 20111212235555.000000-000 Event Type: Warning User: COLIN\Collin Computer Name: Colin Event Code: 4376 Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Install Requested(Install Requested) state Record Number: 192039 Source Name: Microsoft-Windows-Servicing Time Written: 20111212235555.000000-000 Event Type: Warning User: COLIN\Collin Computer Name: Colin Event Code: 4376 Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Install Requested(Install Requested) state Record Number: 192035 Source Name: Microsoft-Windows-Servicing Time Written: 20111212235555.000000-000 Event Type: Warning User: COLIN\Collin =====Application event log===== Computer Name: Colin Event Code: 510 Message: Windows (2932) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 105611264 (0x00000000064b8000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (10490 seconds) to be serviced by the OS. In addition, 2 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 11544 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Record Number: 39999 Source Name: ESENT Time Written: 20111116003840.000000-000 Event Type: Warning User: Computer Name: Colin Event Code: 508 Message: Windows (2932) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log" at offset 69120 (0x0000000000010e00) for 33280 (0x00008200) bytes succeeded, but took an abnormally long time (5255 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Record Number: 39998 Source Name: ESENT Time Written: 20111115212616.000000-000 Event Type: Warning User: Computer Name: Colin Event Code: 507 Message: Windows (2932) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 62472192 (0x0000000003b94000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (5255 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Record Number: 39997 Source Name: ESENT Time Written: 20111115212615.000000-000 Event Type: Warning User: Computer Name: Colin Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 39983 Source Name: Microsoft-Windows-WMI Time Written: 20111115183835.000000-000 Event Type: Error User: Computer Name: Colin Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 39917 Source Name: Microsoft-Windows-WMI Time Written: 20111114005541.000000-000 Event Type: Error User: =====Security event log===== Computer Name: Colin Event Code: 4905 Message: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: COLIN$ Account Domain: FRANZ Logon ID: 0x3e7 Process: Process ID: 0x14dc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3df9fd8 Record Number: 13317 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100128212159.282100-000 Event Type: Audit Success User: Computer Name: Colin Event Code: 4904 Message: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: COLIN$ Account Domain: FRANZ Logon ID: 0x3e7 Process: Process ID: 0x14dc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x3df9fd8 Record Number: 13316 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100128212159.282100-000 Event Type: Audit Success User: Computer Name: Colin Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 13315 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100128212035.244900-000 Event Type: Audit Success User: Computer Name: Colin Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: COLIN$ Account Domain: FRANZ Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 13314 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100128212035.244900-000 Event Type: Audit Success User: Computer Name: Colin Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: COLIN$ Account Domain: FRANZ Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: SYSTEM Account Domain: NT AUTHORITY Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2a0 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 13313 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100128212035.244900-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\CyberLink\Power2Go; "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=6802 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "PLATFORM"=MCD "PCBRAND"=Pavilion "OnlineServices"=Online Services "USERPART"=E: "asl.log"=Destination=file;OnFirstLog=command,environment,parent -----------------EOF----------------- Logfile of random's system information tool 1.09 (written by random/random) Run by Collin at 2012-10-04 07:23:48 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 19 GB (14%) free of 141 GB Total RAM: 3006 MB (42% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:24:12 AM, on 10/4/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\taskeng.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Users\Collin\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Users\Collin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Collin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Collin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Collin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Collin\Downloads\RSIT.exe C:\Program Files\trend micro\Collin.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51210 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coIEPlg.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} (20-20 3D Viewer for WEB) - http://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: Norton Business Suite (N360) - Symantec Corporation - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8816 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000UA.job C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Collin.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coIEPlg.dll [2012-06-07 436192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL [2011-03-30 210872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coIEPlg.dll [2012-06-07 436192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560] "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-09-09 421776] "TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2012-09-14 1247504] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-09-05 727592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Collin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "MSVideo8"=VfWWDM32.dll "msacm.l3codecp"=l3codecp.acm "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 month====== 2012-10-04 07:23:50 ----D---- C:\Program Files\trend micro 2012-10-04 07:23:48 ----D---- C:\rsit 2012-10-02 17:02:22 ----D---- C:\f23efcd6d6e508a4ea3fce 2012-10-01 19:34:47 ----D---- C:\N360_BACKUP 2012-10-01 18:50:57 ----D---- C:\Windows\temp 2012-10-01 18:50:53 ----A---- C:\ComboFix.txt 2012-10-01 18:39:52 ----D---- C:\$RECYCLE.BIN 2012-10-01 18:10:57 ----A---- C:\Windows\zip.exe 2012-10-01 18:10:57 ----A---- C:\Windows\SWSC.exe 2012-10-01 18:10:57 ----A---- C:\Windows\SWREG.exe 2012-10-01 18:10:57 ----A---- C:\Windows\sed.exe 2012-10-01 18:10:57 ----A---- C:\Windows\PEV.exe 2012-10-01 18:10:57 ----A---- C:\Windows\NIRCMD.exe 2012-10-01 18:10:57 ----A---- C:\Windows\MBR.exe 2012-10-01 18:10:57 ----A---- C:\Windows\grep.exe 2012-10-01 17:57:58 ----D---- C:\Qoobox 2012-10-01 09:24:33 ----A---- C:\AdwCleaner[R1].txt 2012-10-01 09:13:16 ----D---- C:\Windows\ERDNT 2012-10-01 09:12:20 ----D---- C:\Program Files\ERUNT 2012-09-27 12:57:48 ----D---- C:\Program Files\Common Files\Bitdefender 2012-09-27 08:14:45 ----D---- C:\Users\Collin\AppData\Roaming\TuneUp Software 2012-09-27 08:01:35 ----HD---- C:\ProgramData\Common Files 2012-09-27 08:01:35 ----D---- C:\ProgramData\MFAData 2012-09-27 07:55:22 ----D---- C:\ProgramData\TEMP 2012-09-27 07:49:18 ----D---- C:\Users\Collin\AppData\Roaming\Simply Super Software 2012-09-27 07:49:06 ----A---- C:\Windows\system32\ztvunrar39.dll 2012-09-27 07:49:06 ----A---- C:\Windows\system32\ztvunrar36.dll 2012-09-27 07:49:06 ----A---- C:\Windows\system32\ztvunace26.dll 2012-09-27 07:49:06 ----A---- C:\Windows\system32\ztv7z.dll 2012-09-27 07:49:05 ----A---- C:\Windows\system32\ztvcabinet.dll 2012-09-27 07:49:05 ----A---- C:\Windows\system32\UNRAR3.dll 2012-09-27 07:49:05 ----A---- C:\Windows\system32\unacev2.dll 2012-09-27 07:49:02 ----D---- C:\ProgramData\Simply Super Software 2012-09-27 07:49:02 ----D---- C:\Program Files\Trojan Remover 2012-09-27 03:02:33 ----A---- C:\Windows\system32\vbscript.dll 2012-09-27 03:02:33 ----A---- C:\Windows\system32\mshtmled.dll 2012-09-27 03:02:31 ----A---- C:\Windows\system32\ieui.dll 2012-09-27 03:02:30 ----A---- C:\Windows\system32\jsproxy.dll 2012-09-27 03:02:30 ----A---- C:\Windows\system32\ieUnatt.exe 2012-09-27 03:02:29 ----A---- C:\Windows\system32\msfeeds.dll 2012-09-27 03:02:28 ----A---- C:\Windows\system32\wininet.dll 2012-09-27 03:02:27 ----A---- C:\Windows\system32\jscript.dll 2012-09-27 03:02:26 ----A---- C:\Windows\system32\url.dll 2012-09-27 03:02:26 ----A---- C:\Windows\system32\jscript9.dll 2012-09-27 03:02:24 ----A---- C:\Windows\system32\iertutil.dll 2012-09-27 03:02:22 ----A---- C:\Windows\system32\urlmon.dll 2012-09-27 03:02:18 ----A---- C:\Windows\system32\ieframe.dll 2012-09-27 03:02:17 ----A---- C:\Windows\system32\mshtml.dll 2012-09-26 20:23:15 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys 2012-09-26 20:17:13 ----D---- C:\Program Files\iPod 2012-09-26 20:16:58 ----D---- C:\Program Files\iTunes 2012-09-26 20:12:49 ----D---- C:\Program Files\Apple Software Update 2012-09-26 09:30:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware(362) 2012-09-25 10:31:45 ----D---- C:\Program Files\doubleTwist 2.0 2012-09-25 09:56:54 ----D---- C:\Users\Collin\AppData\Roaming\BitTorrent 2012-09-22 17:38:25 ----D---- C:\Program Files\MediaMall 2012-09-22 17:36:20 ----D---- C:\ProgramData\MediaMall 2012-09-19 13:45:20 ----D---- C:\Program Files\iPod(360) 2012-09-19 13:45:13 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-09-19 13:45:13 ----D---- C:\Program Files\iTunes(361) ======List of files/folders modified in the last 1 month====== 2012-10-04 07:24:10 ----D---- C:\Windows\Prefetch 2012-10-04 07:23:50 ----RD---- C:\Program Files 2012-10-04 07:21:02 ----SHD---- C:\Windows\Installer 2012-10-04 07:19:21 ----SHD---- C:\System Volume Information 2012-10-01 18:51:05 ----D---- C:\Windows\system32\drivers 2012-10-01 18:50:57 ----D---- C:\Windows 2012-10-01 18:40:21 ----A---- C:\Windows\system.ini 2012-10-01 18:39:13 ----D---- C:\Windows\system32\drivers\etc 2012-10-01 18:37:36 ----D---- C:\ProgramData 2012-10-01 18:34:33 ----D---- C:\Windows\System32 2012-10-01 18:34:30 ----SD---- C:\Windows\Downloaded Program Files 2012-10-01 18:26:55 ----D---- C:\Windows\AppPatch 2012-10-01 18:26:51 ----D---- C:\Program Files\Common Files 2012-10-01 17:48:11 ----D---- C:\Windows\inf 2012-10-01 17:33:10 ----D---- C:\ProgramData\CanonIJPLM 2012-09-27 19:37:00 ----D---- C:\Program Files\Java 2012-09-27 08:47:47 ----D---- C:\Windows\system32\catroot 2012-09-27 03:27:01 ----D---- C:\Program Files\Microsoft Silverlight 2012-09-27 03:22:47 ----D---- C:\Windows\system32\migration 2012-09-27 03:22:21 ----D---- C:\Program Files\Internet Explorer 2012-09-27 03:05:01 ----D---- C:\Windows\winsxs 2012-09-27 03:04:07 ----D---- C:\Windows\system32\catroot2 2012-09-26 20:23:15 ----DC---- C:\Windows\system32\DRVSTORE 2012-09-26 20:17:03 ----D---- C:\Program Files\Common Files\Apple 2012-09-26 20:13:03 ----D---- C:\Windows\system32\Tasks 2012-09-26 19:57:07 ----D---- C:\Users\Collin\AppData\Roaming\Apple Computer 2012-09-26 19:37:27 ----A---- C:\Windows\system32\FlashPlayerApp.exe 2012-09-26 17:09:48 ----D---- C:\Windows\system32\config 2012-09-26 17:09:09 ----RSD---- C:\Windows\Media 2012-09-26 17:09:09 ----D---- C:\Windows\Tasks 2012-09-26 17:09:09 ----D---- C:\Windows\system32\wbem 2012-09-26 17:09:09 ----D---- C:\Windows\system32\spool 2012-09-26 17:09:09 ----D---- C:\Windows\system32\Msdtc 2012-09-26 17:09:09 ----D---- C:\Windows\system32\CodeIntegrity 2012-09-26 17:09:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2012-09-26 17:08:55 ----D---- C:\Program Files\7-Zip 2012-09-26 17:08:49 ----D---- C:\Windows\registration 2012-09-26 16:39:58 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-09-26 09:21:54 ----D---- C:\Windows\Debug 2012-09-25 11:41:48 ----SD---- C:\Users\Collin\AppData\Roaming\Microsoft 2012-09-25 11:30:13 ----D---- C:\Program Files\Common Files\Adobe 2012-09-25 11:03:41 ----RSD---- C:\Windows\assembly 2012-09-25 10:31:32 ----D---- C:\Users\Collin\AppData\Roaming\OpenCandy 2012-09-22 17:34:03 ----D---- C:\Windows\Downloaded Installations 2012-09-12 03:11:47 ----D---- C:\ProgramData\Microsoft Help 2012-09-12 03:02:41 ----A---- C:\Windows\system32\mrt.exe 2012-09-10 11:48:35 ----D---- C:\ProgramData\Samsung 2012-09-10 11:40:42 ----D---- C:\Program Files\Samsung 2012-09-10 07:30:00 ----D---- C:\AllShare Play 2012-09-05 09:47:02 ----D---- C:\Program Files\Google ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS [2011-01-26 340088] R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS [2011-03-14 744568] R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [2012-09-19 995488] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-08-09 376480] R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121003.001\IDSvix86.sys [2012-09-25 386720] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS [2011-03-30 50168] R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS [2010-11-15 136312] R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS [2011-04-20 331384] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 761856] R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160] R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208] R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424] R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 106656] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121003.032\NAVENG.SYS [2012-09-26 92704] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121003.032\NAVEX15.SYS [2012-09-26 1601184] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-06 1059112] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088] R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [2011-03-30 516216] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-10-19 126584] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784] R3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-09 176640] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704] S3 motandroidusb;Mot ADB Interface Driver; C:\Windows\System32\Drivers\motoandroid.sys [2009-07-10 25856] S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480] S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320] S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752] S3 MotoSwitchService;MotoSwitch Service; C:\Windows\system32\DRIVERS\motswch.sys [2007-11-02 6400] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016] S3 MusCAudio;MusCAudio; C:\Windows\system32\drivers\MusCAudio.sys [2010-09-11 23608] S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys [] S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-10 15872] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-07-09 44032] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328] S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504] R2 dlbc_device;dlbc_device; C:\Windows\system32\dlbccoms.exe [2007-03-01 538096] R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168] R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136] R2 N360;Norton Business Suite; C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-16 130008] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296] R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024] R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 821648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-03 135664] S2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 250288] S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592] S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-04-16 246520] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-03 135664] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2009-02-19 3220856] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2009-02-19 238968] -----------------EOF----------------- Thanks for your help so far.
  10. Still have snap.do on both browsers. ComboFix 12-09-30.03 - Collin 10/01/2012 18:17:06.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1739 [GMT -7:00] Running from: c:\users\Collin\Desktop\ComboFix.exe Command switches used :: c:\users\Collin\Desktop\CFScript.txt AV: Norton Business Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Business Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\conduitEngine.tmp" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf c:\windows\system32\conduitEngine.tmp c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\FlashPlayerInstaller.exe c:\windows\system32\KBL.LOG c:\windows\system32\muzapp.exe . . ((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 ))))))))))))))))))))))))))))))) . . 2012-10-02 01:35 . 2012-10-02 01:41 -------- d-----w- c:\users\Collin\AppData\Local\temp 2012-10-02 01:35 . 2012-10-02 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-02 00:51 . 2012-10-02 00:51 -------- d-----w- c:\users\Collin\AppData\Local\Avg2013 2012-10-01 16:12 . 2012-10-01 16:12 -------- d-----w- c:\program files\ERUNT 2012-09-27 19:57 . 2012-09-27 19:57 -------- d-----w- c:\program files\Common Files\Bitdefender 2012-09-27 15:14 . 2012-09-27 15:14 -------- d-----w- c:\users\Collin\AppData\Roaming\TuneUp Software 2012-09-27 15:01 . 2012-10-02 00:53 -------- d-----w- c:\programdata\MFAData 2012-09-27 15:01 . 2012-09-27 15:01 -------- d--h--w- c:\programdata\Common Files 2012-09-27 15:01 . 2012-09-27 15:01 -------- d-----w- c:\users\Collin\AppData\Local\MFAData 2012-09-27 14:49 . 2012-09-27 14:49 -------- d-----w- c:\users\Collin\AppData\Roaming\Simply Super Software 2012-09-27 14:49 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2012-09-27 14:49 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2012-09-27 14:49 . 2012-09-27 14:49 -------- d-----w- c:\program files\Trojan Remover 2012-09-27 14:49 . 2012-09-27 14:49 -------- d-----w- c:\programdata\Simply Super Software 2012-09-27 03:23 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-27 03:17 . 2012-09-27 03:17 -------- d-----w- c:\program files\iPod 2012-09-27 03:16 . 2012-09-27 03:23 -------- d-----w- c:\program files\iTunes 2012-09-27 03:12 . 2012-09-27 03:12 -------- d-----w- c:\program files\Apple Software Update 2012-09-26 16:30 . 2012-09-26 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(362) 2012-09-25 17:31 . 2012-09-25 17:32 -------- d-----w- c:\program files\doubleTwist 2.0 2012-09-25 17:04 . 2012-09-25 17:04 -------- d-----w- c:\users\Collin\AppData\Local\AirParrot 2012-09-25 16:56 . 2012-10-01 16:05 -------- d-----w- c:\users\Collin\AppData\Roaming\BitTorrent 2012-09-23 00:38 . 2012-09-26 20:45 -------- d-----w- c:\program files\MediaMall 2012-09-23 00:36 . 2012-09-26 20:45 -------- d-----w- c:\programdata\MediaMall 2012-09-19 20:45 . 2012-09-27 03:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-09-18 18:52 . 2012-09-18 18:52 -------- d-----w- c:\users\Default\AppData\Local\Google 2012-09-05 16:48 . 2012-09-05 16:49 -------- d-s---w- c:\users\Collin\Google Drive 2012-09-04 23:02 . 2011-03-02 11:43 175616 ----a-w- c:\windows\system32\unrar.dll 2012-09-04 23:02 . 2012-09-04 23:03 -------- d-----w- c:\program files\K-Lite Codec Pack 2012-09-04 22:58 . 2012-09-04 22:58 -------- d-----w- C:\Upload 2012-09-04 22:53 . 2012-09-10 14:30 -------- d-----w- C:\AllShare Play . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-27 02:37 . 2012-04-03 14:53 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-27 02:37 . 2011-11-16 21:19 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-24 06:51 . 2012-09-27 10:02 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:47 . 2012-09-27 10:02 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-21 20:01 . 2010-11-02 22:38 106928 ----a-w- c:\windows\system32\GEARAspi.dll 2012-07-09 20:42 . 2012-07-09 20:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-07-09 20:42 . 2012-07-09 20:42 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-07-06 05:06 . 2012-08-16 14:57 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-06 05:06 . 2011-12-26 17:58 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-04 14:02 . 2012-08-16 10:20 2047488 ----a-w- c:\windows\system32\win32k.sys 2007-11-09 23:10 . 2007-11-09 23:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-11-09 23:10 . 2007-11-09 23:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-11-09 23:10 . 2007-11-09 23:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-11-09 23:10 . 2007-11-09 23:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-11-09 23:10 . 2007-11-09 23:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-11-09 23:10 . 2007-11-09 23:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-11-09 23:10 . 2007-11-09 23:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-11-09 23:11 . 2007-11-09 23:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-11-09 23:11 . 2007-11-09 23:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2007-08-25 02:52 . 2008-04-18 03:18 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-09-14 1247504] "bdinstaller"="c:\program files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" [2012-07-25 676128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Collin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2] 2008-04-24 20:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay] 2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] 2007-09-19 21:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:37] . 2012-10-01 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-09 00:42] . 2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 06:30] . 2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 06:30] . 2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000Core.job - c:\users\Collin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 01:15] . 2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000UA.job - c:\users\Collin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 01:15] . 2012-09-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Collin.job - c:\program files\Norton Business Suite\Engine\5.2.2.3\navw32.exe [2012-07-16 00:01] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local uInternet Settings,ProxyServer = http=127.0.0.1:51210 TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36 DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab . - - - - ORPHANS REMOVED - - - - . WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file) WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe MSConfigStartUp-BitTorrent DNA - c:\users\Collin\Program Files\DNA\btdna.exe MSConfigStartUp-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe AddRemove-Navizon - c:\windows\system32\javaws.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-01 18:41 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Business Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(4496) c:\windows\System32\netshell.dll c:\windows\system32\btncopy.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\dlbccoms.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe c:\windows\system32\DllHost.exe c:\windows\System32\rundll32.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\windows\ehome\ehmsas.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2012-10-01 18:50:52 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-02 01:50 . Pre-Run: 19,373,211,648 bytes free Post-Run: 24,390,918,144 bytes free . - - End Of File - - 7BF099995E28628099E50B65F74E90CA
  11. That should be everything. I hope it works.
  12. # AdwCleaner v2.003 - Logfile created 10/01/2012 at 09:24:33 # Updated 23/09/2012 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : Collin - COLIN # Boot Mode : Normal # Running from : C:\Users\Collin\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Windows\system32\conduitEngine.tmp Folder Found : C:\Program Files\AVG Secure Search Folder Found : C:\Program Files\Common Files\AVG Secure Search Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Collin\AppData\Local\AVG Secure Search Folder Found : C:\Users\Collin\AppData\Local\Conduit Folder Found : C:\Users\Collin\AppData\LocalLow\AVG Secure Search Folder Found : C:\Users\Collin\AppData\LocalLow\Conduit Folder Found : C:\Users\Collin\AppData\LocalLow\PriceGong Folder Found : C:\Users\Collin\AppData\Roaming\OpenCandy ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QueryExplorer Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Zugo Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\S Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Found : HKLM\Software\Tarma Installer Key Found : HKLM\Software\Viewpoint Key Found : HKU\S-1-5-21-3750453361-2573893903-1094557867-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKU\S-1-5-21-3750453361-2573893903-1094557867-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v22.0.1229.79 File : C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.20] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com/", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=hp" ] Found [l.1960] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com/", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=hp" ] ************************* AdwCleaner[R1].txt - [7598 octets] - [01/10/2012 09:24:33] ########## EOF - C:\AdwCleaner[R1].txt - [7658 octets] ##########
  13. In the process of doing things. Here is the first report. More to follow. RogueKiller V8.1.0 [09/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : Collin [Admin rights] Mode : Scan -- Date : 10/01/2012 09:21:28 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [TASK][sUSP PATH] Norton Internet Security - Run Full System Scan - Collin : c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca" -> FOUND [TASK][sUSP PATH] {1A280D28-4BEC-464B-9E93-A92EE80FF733} : C:\Windows\System32\pcalua.exe -a C:\Users\Collin\Desktop\ICT\Adam\SETUP.EXE -d C:\Users\Collin\Desktop\ICT\Adam -> FOUND [TASK][sUSP PATH] {9564FA9F-3211-4AC9-9248-123F8B5375D6} : C:\Windows\System32\pcalua.exe -a C:\Users\Collin\Desktop\yahoo_firefox_setup-3.0.exe -d C:\Users\Collin\Desktop -> FOUND [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:51210) -> FOUND [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[13] : NtAlertResumeThread @ 0x822D65C3 -> HOOKED (Unknown @ 0x8782D078) SSDT[14] : NtAlertThread @ 0x8224F255 -> HOOKED (Unknown @ 0x8782D158) SSDT[18] : NtAllocateVirtualMemory @ 0x8228B4FB -> HOOKED (Unknown @ 0x8801DCA0) SSDT[21] : NtAlpcConnectPort @ 0x8222D887 -> HOOKED (Unknown @ 0x87E221A8) SSDT[42] : NtAssignProcessToJobObject @ 0x82200B43 -> HOOKED (Unknown @ 0x885AED60) SSDT[67] : NtCreateMutant @ 0x82263812 -> HOOKED (Unknown @ 0x87EF5D78) SSDT[77] : NtCreateSymbolicLinkObject @ 0x8220335A -> HOOKED (Unknown @ 0x885AEA80) SSDT[78] : NtCreateThread @ 0x822D4BE0 -> HOOKED (Unknown @ 0x88588EF0) SSDT[116] : NtDebugActiveProcess @ 0x822A7D22 -> HOOKED (Unknown @ 0x885AEE40) SSDT[129] : NtDuplicateObject @ 0x8223B551 -> HOOKED (Unknown @ 0x8801DE70) SSDT[147] : NtFreeVirtualMemory @ 0x820C7F1D -> HOOKED (Unknown @ 0x88612E70) SSDT[156] : NtImpersonateAnonymousToken @ 0x821FDF12 -> HOOKED (Unknown @ 0x87EF5E68) SSDT[158] : NtImpersonateThread @ 0x8221354F -> HOOKED (Unknown @ 0x87EF5F48) SSDT[165] : NtLoadDriver @ 0x821AEDEE -> HOOKED (Unknown @ 0x87E22130) SSDT[177] : NtMapViewOfSection @ 0x8225389A -> HOOKED (Unknown @ 0x88612D70) SSDT[184] : NtOpenEvent @ 0x8223CDCF -> HOOKED (Unknown @ 0x87EF5C98) SSDT[195] : NtOpenProcessToken @ 0x82244A2E -> HOOKED (Unknown @ 0x8801DD90) SSDT[197] : NtOpenSection @ 0x8225466D -> HOOKED (Unknown @ 0x87EF5AD8) SSDT[201] : NtOpenThread @ 0x8225F4FF -> HOOKED (Unknown @ 0x8801DF60) SSDT[210] : NtProtectVirtualMemory @ 0x8225D2E2 -> HOOKED (Unknown @ 0x885AEC70) SSDT[282] : NtResumeThread @ 0x8225EB4A -> HOOKED (Unknown @ 0x8782D238) SSDT[289] : NtSetContextThread @ 0x822D606F -> HOOKED (Unknown @ 0x8782D4D8) SSDT[305] : NtSetInformationProcess @ 0x822578C8 -> HOOKED (Unknown @ 0x88612BA0) SSDT[317] : NtSetSystemInformation @ 0x82229EEB -> HOOKED (Unknown @ 0x87EF5990) SSDT[348] : NtUnmapViewOfSection @ 0x82253B5D -> HOOKED (Unknown @ 0x88612C90) SSDT[382] : NtCreateThreadEx @ 0x8225EFE9 -> HOOKED (Unknown @ 0x885AEB70) S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x88720470) S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x88724630) S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x8873A448) S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x8879CDB0) S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x8879CCE0) S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x887D1E50) ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9160821AS ATA Device +++++ --- User --- [MBR] 2891c0ca6a498f154dcd482626aaddf1 [bSP] a31f3e460ba6638c43a7da304906475e : HP tatooed MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 140576 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 287900865 | Size: 12048 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  14. Hey, I have recently been infected with this Snap.do search on my browsers (Chrome and IE). I have researched and decided to uninstall. I then "removed" from Chrome search options. But unfortunately it still exists on both browsers. I then came across your forum. I have downloaded the free software and done a scan. It still exists. I then downloaded as asked the dds.com file and ran it without internet. So here I am. Please help. Colin DDS.txt Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.