Jump to content

dollysdad

Members
  • Posts

    20
  • Joined

  • Last visited

Everything posted by dollysdad

  1. Ran Delfix. Will do a defrag today. All seems to be running well. Thanks for the links--I'm hoping the defrag will help programs open quicker. A donation is on the way too. Thanks for your help.
  2. Adam, I will keep this page bookmarked in case I need to go back to MBAM Clean again. Updated the Adobe programs. Surprised that Java was out-of-date. I thought I had it on auto-update, and will monitor more closely from here on. Firefox auto-updated and was on latest version. Windows Updates were up-to-date. Java is now disabled in browser. The PC started up without any trouble today--and no error msg on MBAM. Both MBAM and Norton 360 were operating from the bootup. Only thing unusual is that it sometimes takes a pretty long time for programs to open once double-clicked. Otherwise ok. Results of screen317's Security Check version 0.99.89 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 25 Java version out of Date! Adobe Flash Player 15.0.0.189 Adobe Reader 10.1.12 Adobe Reader out of Date! Mozilla Firefox (33.0.3) Mozilla Thunderbird (31.2.0) Google Chrome 38.0.2125.104 Google Chrome 38.0.2125.111 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  3. I will run through the above early Friday am and post the results. This evening I returned to the PC to find a Windows error message that "a problem caused MBAM to stop working correctly", but a right-click on the MBAM icon in the task-tray opened MBAM up only to find it running a scan. I can't tell the order of occurence--if the scan started before I right-clicked or if the error message popped up before or after the scan started.
  4. Adam, All ran well...The shutdown process after running AdwCleaner got hung up, and I had to do a hard shutdown. MBAM found nothing (log copied in below) No threats found by ESET Online Scan, so no log to include here. All else looks OK. # AdwCleaner v3.311 - Report created 06/11/2014 at 14:12:27 # Updated 30/09/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits) # Username : Donna and Larry - DONNAANDLARR-PC # Running from : C:\Users\Donna and Larry\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Ask ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16584 -\\ Mozilla Firefox v33.0.2 (x86 en-US) [ File : C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\prefs.js ] -\\ Google Chrome v38.0.2125.111 [ File : C:\Users\Donna and Larry\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [2119 octets] - [06/11/2014 14:08:21] AdwCleaner[s0].txt - [2214 octets] - [06/11/2014 14:12:27] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2274 octets] ########## Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/6/2014 Scan Time: 4:10:58 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.06.09 Rootkit Database: v2014.11.01.02 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x86 File System: NTFS User: Donna and Larry Scan Type: Threat Scan Result: Completed Objects Scanned: 342371 Time Elapsed: 14 min, 50 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  5. TDSSKiller.txt is attached. It's too long to post... TDSSKiller.3.0.0.41_06.11.2014_08.37.33_log.txt
  6. Adam--Thanks for your quick reply. Good to hear that it's likely not an infection. My name is Larry. I have followed all your directions and will post the logs here...Needed two posts to do so. After following steps 1 through 4--all looks good. MBAM is back and enabled and it's in the task tray after startup. Only one minor hiccup in the MBAM Clean process...when running mbam-clean.exe, I got a popup about a file missing--qtaccessiblewidgets4.dll. I clicked "yes" to the question "do you want to create it". Otherwise, it appeared to run without any problems. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-11-2014 Ran by Donna and Larry at 2014-11-06 08:28:02 Run:1 Running from C:\Users\Donna and Larry\Desktop Loaded Profile: Donna and Larry (Available profiles: Donna and Larry & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKU\S-1-5-21-4136010648-1277825472-1809701594-1000\...\MountPoints2: {93fe0c44-324c-11e1-bf87-806e6f6e6963} - D:\Launch.exe SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://websearch.ask...31-169C132842E5 FF SearchEngineOrder.1: Ask.com FF Homepage: www.yahoo.com FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\safesearch.xml CustomCLSID: HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll No File CMD: ipconfig /flushdns CMD: netsh winsock reset all CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: end ***************** "HKU\S-1-5-21-4136010648-1277825472-1809701594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93fe0c44-324c-11e1-bf87-806e6f6e6963}" => Key deleted successfully. "HKCR\CLSID\{93fe0c44-324c-11e1-bf87-806e6f6e6963}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully. "HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE1C6795-018A-473F-90E7-345F7315B9B3}" => Key deleted successfully. "HKCR\CLSID\{BE1C6795-018A-473F-90E7-345F7315B9B3}" => Key not found. Firefox SearchEngineOrder.1 deleted successfully. Firefox homepage deleted successfully. C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\askcom.xml => Moved successfully. C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\safesearch.xml => Moved successfully. "HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}" => Key deleted successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Reseting Echo Request, OK! Reseting Global, OK! Reseting Interface, OK! A reboot is required to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Reseting Echo Request, OK! A reboot is required to complete this action. ========= End of CMD: ========= EmptyTemp: => Removed 429 MB temporary data. The system needed a reboot. ==== End of Fixlog ====
  7. Running MBAM Premium (2.0.3.125) on Windows Vista. For at least the last 2 days on first bootup, I've gotten an error message that the MBAM rootkit scanner was not able to load. I've rebooted and MBAM runs (finding no risks), but the screen is then blank (dark) and I have to reboot again. I had to disable Norton 360 AV to download and run FRST. I'd like to confirm if there is or is not any infection. Thanks. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014 Ran by Donna and Larry (administrator) on DONNAANDLARR-PC on 05-11-2014 11:17:06 Running from C:\Users\Donna and Larry\Desktop Loaded Profiles: Donna and Larry & (Available profiles: Donna and Larry & UpdatusUser) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor) HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-4136010648-1277825472-1809701594-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-4136010648-1277825472-1809701594-1000\...\MountPoints2: {93fe0c44-324c-11e1-bf87-806e6f6e6963} - D:\Launch.exe HKU\S-1-5-21-4136010648-1277825472-1809701594-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AtHomeConnect.lnk ShortcutTarget: AtHomeConnect.lnk -> C:\Program Files\AtHomeConnect\AtHomeConnect.exe (No File) Startup: C:\Users\Donna and Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DECD8E4D413CF01 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5 SearchScopes: HKCU - {BE1C6795-018A-473F-90E7-345F7315B9B3} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=245FE547-0B22-4CD2-A20B-9D500F1D7B55&apn_sauid=E587A144-3C8C-4C01-BE31-169C132842E5 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 FireFox: ======== FF ProfilePath: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: www.yahoo.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\searchplugins\safesearch.xml FF Extension: Garmin Communicator - C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-10] FF Extension: NoScript - C:\Users\Donna and Larry\AppData\Roaming\Mozilla\Firefox\Profiles\6nuwpdbv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-30] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-31] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-05] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-29] Chrome: ======= CHR Profile: C:\Users\Donna and Larry\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation) R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC) R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 N360; C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation) S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed] S2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed] S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-26] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation) R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141104.001\IDSvix86.sys [476888 2014-09-01] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141104.035\NAVENG.SYS [95704 2014-10-23] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141104.035\NAVEX15.SYS [1636696 2014-10-23] (Symantec Corporation) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed] R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [104120 2014-11-05] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360\1506000.020\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-17] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2013-09-09] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1506000.020\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 yeddef; System32\Drivers\yeddef.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 11:17 - 2014-11-05 11:17 - 00017994 _____ () C:\Users\Donna and Larry\Desktop\FRST.txt 2014-11-05 11:16 - 2014-11-05 11:17 - 00000000 ____D () C:\FRST 2014-11-05 11:15 - 2014-11-05 11:15 - 01106432 _____ (Farbar) C:\Users\Donna and Larry\Desktop\FRST.exe 2014-11-05 09:59 - 2014-11-05 10:59 - 00104120 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS 2014-11-05 09:59 - 2014-11-05 10:59 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat 2014-11-04 08:22 - 2014-11-04 08:22 - 00000000 ____D () C:\NPE 2014-11-04 08:18 - 2014-11-05 10:59 - 00000000 ____D () C:\Users\Donna and Larry\AppData\Local\NPE 2014-11-04 08:15 - 2014-11-04 08:16 - 03060320 ____N (Symantec Corporation) C:\Users\Donna and Larry\Downloads\NPE.exe 2014-10-31 09:47 - 2014-10-31 09:47 - 00444293 _____ () C:\Users\Donna and Larry\Downloads\Rev_136_Miles_From_Larry_s_House(1).tcx 2014-10-31 09:47 - 2014-10-31 09:47 - 00402362 _____ () C:\Users\Donna and Larry\Downloads\32_miles_from_Debbie_Drive.tcx 2014-10-31 08:14 - 2014-10-31 16:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-30 10:39 - 2014-10-30 10:39 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-10-30 10:39 - 2014-10-30 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-10-30 10:39 - 2014-10-30 10:39 - 00000000 ____D () C:\Program Files\QuickTime 2014-10-30 10:36 - 2014-10-30 10:36 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-10-30 10:36 - 2014-10-30 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-10-30 10:35 - 2014-10-30 10:36 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2014-10-30 10:35 - 2014-10-30 10:36 - 00000000 ____D () C:\Program Files\iTunes 2014-10-30 10:35 - 2014-10-30 10:35 - 00000000 ____D () C:\Program Files\iPod 2014-10-25 06:41 - 2014-10-25 06:41 - 00890630 _____ () C:\Users\Donna and Larry\Downloads\63SimsB.tcx 2014-10-24 10:27 - 2014-10-24 10:27 - 01301881 _____ () C:\Users\Donna and Larry\Downloads\Tour_de_Manure_Plus_-_80_miles.tcx 2014-10-24 07:49 - 2014-10-24 07:49 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-10-24 07:49 - 2014-10-24 07:48 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-10-24 07:48 - 2014-10-24 07:48 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-10-24 07:48 - 2014-10-24 07:48 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-10-24 07:48 - 2014-10-24 07:48 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-10-24 07:48 - 2014-10-24 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-16 05:08 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 05:08 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 05:08 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 04:54 - 2014-09-27 18:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 04:27 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2014-10-16 04:22 - 2014-09-16 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 17:17 - 2014-10-27 16:21 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-10-15 05:04 - 2014-09-19 17:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 05:04 - 2014-09-19 17:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 05:04 - 2014-09-19 17:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 05:04 - 2014-09-19 17:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 05:04 - 2014-09-19 17:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 05:04 - 2014-09-19 17:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 05:04 - 2014-09-19 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-10-15 05:04 - 2014-09-19 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 05:04 - 2014-09-19 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 05:04 - 2014-09-19 17:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 05:04 - 2014-09-19 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-10-15 05:04 - 2014-09-19 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 05:04 - 2014-09-19 17:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 05:04 - 2014-09-19 17:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-10-15 05:04 - 2014-09-19 17:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 05:04 - 2014-09-19 17:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 05:04 - 2014-09-19 17:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 05:04 - 2014-09-19 17:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 05:04 - 2014-09-19 17:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-10-15 05:04 - 2014-09-19 17:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-10-15 05:04 - 2014-09-19 17:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-11 09:50 - 2014-10-11 09:50 - 00011052 _____ () C:\Users\Donna and Larry\Documents\Copy of contact_list (Ben Canary Island 2014).xlsx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 11:17 - 2012-04-21 10:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-05 10:37 - 2012-01-12 13:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-05 09:59 - 2006-11-02 07:52 - 01059629 _____ () C:\Windows\WindowsUpdate.log 2014-11-05 09:55 - 2014-05-17 08:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-05 09:55 - 2012-01-12 13:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-05 09:55 - 2011-12-29 12:21 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-05 09:55 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-05 09:55 - 2006-11-02 07:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-05 09:55 - 2006-11-02 07:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-05 09:54 - 2006-11-02 08:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-04 10:20 - 2014-01-30 13:59 - 00000000 ____D () C:\Users\Donna and Larry\AppData\Roaming\HpUpdate 2014-11-04 08:18 - 2011-12-29 11:00 - 00000000 ____D () C:\ProgramData\Norton 2014-11-04 06:06 - 2006-11-02 05:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-01 07:44 - 2012-03-10 14:01 - 00000000 ____D () C:\ProgramData\pdf995 2014-11-01 06:21 - 2012-04-27 11:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-30 10:35 - 2014-09-16 08:54 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-10-30 10:35 - 2011-12-30 16:43 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-10-30 06:53 - 2011-12-29 13:46 - 00230150 _____ () C:\Windows\PFRO.log 2014-10-28 17:24 - 2014-04-21 22:01 - 00000000 ____D () C:\Users\Donna and Larry\Documents\Jeff Starr Photos 2014 2014-10-28 12:46 - 2012-01-12 13:05 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-24 07:54 - 2013-11-17 16:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-24 07:48 - 2011-12-29 18:01 - 00000000 ____D () C:\Program Files\Java 2014-10-24 07:31 - 2014-05-17 08:17 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-24 07:31 - 2014-05-17 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-24 07:31 - 2014-05-17 08:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-10-16 17:50 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 17:21 - 2006-11-02 07:47 - 00314744 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 05:07 - 2011-12-29 13:38 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 04:45 - 2013-08-15 05:18 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 04:28 - 2006-11-02 05:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-10-06 12:51 - 2014-03-23 10:31 - 00000000 ____D () C:\Users\Donna and Larry\AppData\Local\CrashDumps ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 10:04 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014 Ran by Donna and Larry at 2014-11-05 11:18:09 Running from C:\Users\Donna and Larry\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.) ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AtHomeConnect version 1.0.1.0 (HKLM\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.0.1.0 - HRBlock) Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc) Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.) Elevated Installer (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Garmin City Navigator North America NT 2015.10 (HKLM\...\{FCDB42FC-A70B-4041-877F-D73E16DE4345}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator NorthAmerica NT 2013.30 Update (HKLM\...\{45C4E2EC-53D5-4190-B1A5-02B9BA732C3A}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin MapInstall (HKLM\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden H&R Block Connecticut 2011 (HKLM\...\{732B5CC4-72BB-4D98-8F91-FA7FE6B920D6}) (Version: 1.11.3301 - HRB Technology, LLC.) H&R Block Connecticut 2012 (HKLM\...\{764E1CA6-6C7E-43E9-85B9-4F65F49A7598}) (Version: 1.12.4001 - HRB Technology, LLC.) H&R Block Connecticut 2013 (HKLM\...\{064D37C8-9C82-492F-B667-063015BE4398}) (Version: 1.13.4201 - HRB Technology, LLC.) H&R Block Deluxe + Efile + State 2011 (HKLM\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.) H&R Block Deluxe + Efile + State 2012 (HKLM\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.) H&R Block Deluxe + Efile + State 2013 (HKLM\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.) HP ENVY 4500 series Basic Device Software (HKLM\...\{790305ED-B75A-44E7-9B68-D5D737CCA03B}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard) HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel) iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell) Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc) Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation) NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: - ) PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - ) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - ) Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio) Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio) Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.) Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio) Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Seagate Manager Installer (Version: 2.01.0600 - Seagate) Hidden Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab for Intel (HKLM\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll No File CustomCLSID: HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{1EF21888-3BD8-4064-BAD3-4BF694952652}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\WLPG.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4136010648-1277825472-1809701594-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.) ==================== Restore Points ========================= 16-10-2014 09:19:37 Windows Update 17-10-2014 00:51:26 Scheduled Checkpoint 24-10-2014 12:46:38 Installed Java 7 Update 71 25-10-2014 23:00:06 Scheduled Checkpoint 26-10-2014 13:20:26 Scheduled Checkpoint 27-10-2014 11:27:07 Scheduled Checkpoint 28-10-2014 17:12:22 Scheduled Checkpoint 29-10-2014 15:34:11 Scheduled Checkpoint 30-10-2014 14:01:32 Scheduled Checkpoint 31-10-2014 03:01:54 Scheduled Checkpoint 31-10-2014 15:38:23 Scheduled Checkpoint 01-11-2014 12:23:29 Scheduled Checkpoint 04-11-2014 00:15:50 Scheduled Checkpoint 04-11-2014 12:46:09 Scheduled Checkpoint 04-11-2014 14:09:35 Norton_Power_Eraser_20141104090935293 05-11-2014 05:00:07 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2011-12-30 10:12 - 00000098 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0CA310C5-CE5A-4DE6-BDC8-FF1DCBB8517D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) Task: {1A74ED2B-7BAD-4C73-A7D8-933245BF2E85} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {3785433B-AC2E-4187-A0D1-0EE5834026D8} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation) Task: {6C0AFD17-257F-4232-B171-C696CC4D83A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {8AB70746-05CF-4137-A3D2-6938F01E7B87} - System32\Tasks\HP AR Program Upload - 7a494d11330f4fd7842d74672a0e252f350763b83f764731825e0d2a7318d679 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>) Task: {90E69DDE-3219-4F45-8494-54552C692DF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) Task: {9CEA66B9-03FB-4D49-ACA8-049FA0004E1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated) Task: {C562A667-B24C-47D1-9FB3-F121B7F60297} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {DD9E9D4F-45F8-4DF6-9273-A9DE406EA30F} - System32\Tasks\HP AR Program Upload - a15a0d87f69746f5934241207e75d8315642a52b149f485bbe6cb060902dbb44 => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>) Task: {E3CBB6D6-8873-4E8D-930F-92F3FC62C853} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe Task: {E927DA48-9D15-4686-BB82-61F3694F5D17} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {FA98FC37-B19A-435C-8B41-5C643795B9BE} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-03-10 14:01 - 2012-03-10 14:01 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll 2011-12-29 13:16 - 2006-10-26 16:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL 2006-11-05 10:58 - 2006-11-05 10:58 - 00516096 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll 2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-31 08:14 - 2014-10-31 08:15 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Donna and Larry\Documents\.picasaoriginals:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\2006 Toyota Camry LE V6 Private Party Value kbb com.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Amex Concur Missing Payment.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Apple Chat 12-09-2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\ApplianceZone Part Receipt 11-05-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Autoanything Yakima Rack (via Skymiles Shopping) 11-22-10.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Avis First Free Gas.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Beth Israel Cemetery #2.PNG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Beth Israel Cemetery.PNG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Blu Ray List 1.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Blu Ray List 2.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Boat Cover Order 05-20-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Boat.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Capture.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Capture.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Cemetery Map #2.PNG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Cemetery Map.PNG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Crystal Lake Ride.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad 01-14-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad 2007 TurboTax Claim ScreenShot 07-14-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Amtrust Checking Opening 06-23-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Amtrust Savings Hx 11-10-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Bloomfield Ambulance July 17, 2009.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Peoples Transfer Nov 21, 2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Peoples Transfers July 23, 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad Regions Transfer 043009.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad's Honda Edmunds Buyer.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dad's Honda KBB Private Party.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Debbie #1_MG_8471.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Debbie #2_MG_8471.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Debbie #3_MG_8471.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Amex Platinum First 1000 Charges by Nov 15.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Amex Platinum First Transactions Nov 19, 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Amex Transfer Bonus Nov 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Birthday Offer 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Choice Benefits Dec 2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Hilton MQM Bonus Q4 2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 03-01-10.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 10-19-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 11-11-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 11-22-10.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 11-26-10.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Skymiles Snapshot 11-30-10.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Statement 06-25-09 Bonus.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Tampa Flights DXXWHU Dec 30 2010 With Seat Assignments.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Tampa Flights October 8 Original seating 06-02-10.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Delta Tampa Flights October 8 Updated seating 06-02-10.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Dicks Sporting Goods Online Receipt 07-16-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Amex Order May 26, 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Mags for Miles SI and Golf Digest 09-07-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Atlantic and PC World Purchase (Delta Site Link)07-01-10.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Bassin Purchase (Delta Site Link)07-14-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Bassin Purchase 07-14-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Sports Illustrated (Delta Site Link)07-01-10.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Donna Skymiles Magazine Sports Illustrated (Delta Site Link)07-01-10.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\DSCF2688 Size Check.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\DSCF2717.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\eFax Messenger 4.4:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Elyse's LG 500 Cover Receipt PayPal 03-04-10.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\EMS Pickup 11-23-2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Etrade Transfer Confirm April 16, 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Fox Soccer Web Cap #2.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Fox Soccer Web Cap.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Goldminers Daughter Alta Reservation 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\GUAQCX Delta BDL-SLC Alta February 2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Double Miles July to Sep 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Double Points through June 30, 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Dusseldorf Nov 2.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Free Night Q4-2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Honors Bonus Q4 09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Honors Status 06-06-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Snapshot 12-11-2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton St. Louis Cancellation.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Hilton Status July 1, 2009 (20 nights, not 18).GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Honda Recall Brake Master Dec 23, 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Janus Cost Basis Ben Account Redemption.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Janus Coverdell Exchange 04012011 Ben.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\JUMP DRIVE BEN-06-02-08:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\June 2009 Atlanta Weekend.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Keeler Bay Chart.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Larry USAir Order Sears Kiplingers July 1, 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Macy's (Second time) for Lisa Dec 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Map.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\McAfee detect log 12-01-2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\MOVE Photos:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\My Documents:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\NWA as of Jan 28-2010.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\OneNote Notebooks:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\PartsTree Order 04-15-2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Peoples Transfer October 23, 2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Pic 1.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Pic 2.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Regions Address Change 1 07-02-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Regions Address Change 2 07-02-09.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Seabury.gif:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Seabury.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Shop Amex Ipad Order 12-099-2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Staples Rebate Ink 02-25-2011.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\TT 2007 Form List.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\TurboTax:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\TurboTax 2008 Receipt.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Ulead DVD MovieFactory:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\USAirways Dividend Miles 2009.GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\USAirways Dividend Miles 2010 (Mag purchase--activity July 2010).GIF:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\UTC Fidelity Status June 23, 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\UTC Fidelity Status Nov 13, 2010.JPG:Roxio EMC Stream AlternateDataStreams: C:\Users\Donna and Larry\Documents\Waksman Ketubah Excerpt.TIF:Roxio EMC Stream ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-4136010648-1277825472-1809701594-500 - Administrator - Disabled) Donna and Larry (S-1-5-21-4136010648-1277825472-1809701594-1000 - Administrator - Enabled) => C:\Users\Donna and Larry Guest (S-1-5-21-4136010648-1277825472-1809701594-501 - Limited - Enabled) UpdatusUser (S-1-5-21-4136010648-1277825472-1809701594-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/16/2014 04:53:14 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer. Context: Application, SystemIndex Catalog Error: (10/16/2014 04:53:12 AM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer. Error: (10/16/2014 04:40:05 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (10/16/2014 04:40:00 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (10/15/2014 09:51:37 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier2\security.cpp78800706e5 Error: (10/06/2014 00:51:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 32.0.3.5379, time stamp 0x54224e6b, faulting module mozalloc.dll, version 32.0.3.5379, time stamp 0x54221b67, exception code 0x80000003, fault offset 0x0000141b, process id 0x1384, application start time 0xplugin-container.exe0. Error: (10/02/2014 02:51:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 32.0.3.5379, time stamp 0x54224e6b, faulting module mozalloc.dll, version 32.0.3.5379, time stamp 0x54221b67, exception code 0x80000003, fault offset 0x0000141b, process id 0x880, application start time 0xplugin-container.exe0. Error: (10/02/2014 01:59:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\DONNA AND LARRY\DOCUMENTS\MY DOCUMENTS\BETH AHM KOL\MEMORIAL PLAQUES AND YARZHEITS\KOL YARZHEITS JANUARY TO DECEMBER 2015 (REVISION OCT 02, 2014).DOC> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/16/2014 09:33:02 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Excessive update rate for Larry\032and\032Donna’s\032Library._home-sharing._tcp.local.; delaying announcement by 3 seconds Error: (09/16/2014 09:32:58 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Excessive update rate for Larry\032and\032Donna’s\032Library._home-sharing._tcp.local.; delaying announcement by 2 seconds System errors: ============= Error: (11/05/2014 09:58:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (11/05/2014 09:58:28 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 Error: (11/05/2014 08:51:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (11/05/2014 08:51:14 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 Error: (11/05/2014 08:45:41 AM) (Source: PlugPlayManager) (EventID: 11) (User: ) Description: The device Root\LEGACY_SMR430\0000 disappeared from the system without first being prepared for removal. Error: (11/04/2014 09:17:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (11/04/2014 09:17:23 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 Error: (11/04/2014 09:15:51 AM) (Source: PlugPlayManager) (EventID: 11) (User: ) Description: The device Root\LEGACY_SMR430\0000 disappeared from the system without first being prepared for removal. Error: (11/04/2014 08:26:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (11/04/2014 08:26:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-11-05 11:17:37.850 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. Date: 2014-11-05 11:17:37.656 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. Date: 2014-11-05 11:17:37.462 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. Date: 2014-11-05 11:17:37.267 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. Date: 2014-11-05 11:17:29.096 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-05 11:17:28.901 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-05 11:17:28.703 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-05 11:17:28.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-05 11:17:21.018 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-05 11:17:20.823 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz Percentage of memory in use: 64% Total physical RAM: 2045.45 MB Available physical RAM: 715.97 MB Total Pagefile: 4334.16 MB Available Pagefile: 2401.46 MB Total Virtual: 2047.88 MB Available Virtual: 1891.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:288.04 GB) (Free:120.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 48000000) Partition 1: (Not Active) - (Size=55 MB) - (Type=DE) Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  8. PC ran well yesterday and I've got a smiling Elyse again...Thank you Elise!
  9. Yikes...No matter what, keep getting error message: combofix /uninstall combofix.exe /uninstall "File name is not valid"
  10. Will do on both my PC and Daughter's...Thanks again. Donation will be made today!
  11. I found I did not have Combofix on the flash...Then I checked my PC and found it was still on my PC. I tried run, combofix / uninstall and got a message that it couldn't be found. I then just tried to delete Combofix (did not show up as installed in Control Panel). As Combofix was being deleted, McAfee again quarantined artemis trojan. Should I re-download and re-install on both my PC and my daughter's?
  12. Thank you !!! --I could not find Combofix on the "bad" PC. I think that's because I ran it from the flash drive. Should I delete the two text files that remain on my c: drive? --I use McAfee Security Center...and its firewall in addition to my router. Using Windows firewall is overkill, correct? --I have Windows Defender on...Is this OK? --In your experience, is Malwarebytes compatible with McAfee? Last question---Should I delete Eset online Scanner via Control Panel? THANKS AGAIN!!! I'll also make the suggested changes on my other PCs.
  13. C:\ProgramData\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
  14. Mbam came back with a warning that the desktop shortcut is still there. PC appears normal otherwise... Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5225 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 12/1/2010 12:09:35 PM mbam-log-2010-12-01 (12-09-07).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 290826 Time elapsed: 1 hour(s), 45 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\Elyse\Desktop\Win HDD.lnk (Rogue.WinHDD) -> No action taken.
  15. Hello Elise, My daughter's pc is getting back to normal...I reengaged McAfee and Windows Defender and I can connect to the internet. However, as I was preparing to post this, MY pc's McAfee has alerted me that it found and repaired/removed the artemis trojan in the Combofix.exe on the flash drive I've been using. Once we get to the "all clear" on my daughter's pc, please help me with the following: 1) Please recommend a malware/spyware program that I can use which is compatible with McAfee. 2) Can you tell me what "digital line detect" DGL.exe is? OTL Extras logfile created on: 12/1/2010 8:22:19 AM - Run 4 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Elyse\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 375.00 Mb Available Physical Memory | 37.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.96 Gb Total Space | 78.09 Gb Free Space | 56.20% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.96 Gb Free Space | 59.59% Space Free | Partition Type: NTFS Computer Name: ELYSE-PC | User Name: Elyse | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02046B4A-A343-49DF-B56B-1F18718C33FF}" = rport=139 | protocol=6 | dir=out | app=system | "{059510F0-97C9-4B41-90DB-78672DE587F6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{0DCEB9C9-DB5F-4C13-953C-CBFEFE0E9A97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{13A642E0-13DE-4907-9574-6C4F63B3FBBF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1FFF77A0-8A15-4CFF-ABA8-16036700F6DD}" = lport=137 | protocol=17 | dir=in | app=system | "{33B3523C-46D7-42E1-8882-DFB853201B5C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{427129A8-32A4-46FF-83EF-CC6F983D9900}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{70893976-2D20-45DB-A440-E17794DFD8F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7768FB86-6EC5-4415-B49A-8064C472B5C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8CA5B0AF-BBA2-4026-A07B-FFAA5F0942B4}" = lport=138 | protocol=17 | dir=in | app=system | "{8D178766-AA7C-47D2-A957-4DAD92214580}" = lport=445 | protocol=6 | dir=in | app=system | "{8E2335A4-48D7-4466-A6C1-6B67D6625C87}" = lport=139 | protocol=6 | dir=in | app=system | "{9B96799F-F383-404C-BE0A-F7E83EA411E2}" = rport=138 | protocol=17 | dir=out | app=system | "{A9C01BAA-EB66-49EF-A877-A13BCD64D182}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B9BE744B-86B7-4CA2-96D2-79C6D6CD32F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C7D442C4-0690-441D-9A39-887479189F50}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EDE3818A-A4DC-4BAE-A3F8-9162812CDE85}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EF5D20F5-B193-48B9-A5CE-C77CABEBAE1A}" = lport=2869 | protocol=6 | dir=in | app=system | "{F332BD3D-7C34-439B-BC9A-BAB79CB6DAB2}" = rport=445 | protocol=6 | dir=out | app=system | "{FD957BB7-5150-4A8F-BA34-2CB5070394B7}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A104368-894D-4B07-A53B-3CDE11E3B759}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1A57E649-0CD4-425C-B094-AE14C93609AF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1D9F8505-6A0E-4D2E-80E4-DCAD71C592F9}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "{1EF102B3-2D5B-4BDC-8BC1-DE0048F5DB41}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{21F8E7D4-7A47-42C5-A4A8-8F262BC434FF}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{2AA8F35E-8800-42D1-813C-1432834197DF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{2BCFAF89-8D88-4333-B5FC-17C5035B4712}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgamsvr.exe | "{34471FDA-195B-4B1E-BE1C-D1329675C2B4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{361E2442-9AB0-4BC4-9241-2B4F7E90F2F8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{3BBDDD66-8234-417A-A8A0-49826F7B85BE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{4803596F-82AB-4498-AA02-4461C8B17CD9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4A0CACF9-F62B-40F5-979E-F1A1D0965B67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4BEF131F-A71E-4535-88E1-F0091DAA56B1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "{4D59601A-790C-4426-B352-C5189CEAAF0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{503222C6-CB1B-4824-8892-EA7A83F89FFC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{5432895F-9286-49EC-B212-8A8D3F32CAD1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{5BAB2CBB-3F2D-4F62-A5CD-3C30B75DA835}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{72152D34-A8FE-47CD-8D94-A33682648B72}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{807F5447-8053-40F0-8DD0-67D1C164E89B}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avginet.exe | "{8964C86C-8B0F-495D-8221-FD06DB7FA56E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{8F9F412A-6305-4EC1-ABC1-5EAA05437CC0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{8FDD7F4D-C7F2-4DE3-AE67-E6F4F8AF3F1D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "{9987D7C0-B886-46F8-A52C-CB22E03C0DB4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{A16C552D-E2C1-4A3D-92BE-1F52B3C46004}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A1F1C8C1-C052-4F2B-91A1-9E301BE7C77B}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgamsvr.exe | "{A3047DD5-6EC3-4E8F-95D0-1DB3C6F32689}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{ABD8BDFB-3CC5-48D8-BAA6-1E1E6AD3CF5F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AE9B8488-02EA-466A-B6D9-27D367CA125F}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avginet.exe | "{B0566386-AD0F-4FC4-A8A6-EAA34AECEBFE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B47256A9-E262-455F-BB1C-16989D1800F5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{B66642BB-F3A8-4AE0-BA2D-FC9D6AE41286}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{B6C7BBB4-44A9-4DA3-97C1-7C047293457A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | "{B6F54CD2-3CBC-4D2E-A7F5-AA649F0CFA69}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BE382B48-B3BE-4D97-95FE-3A108145B9E5}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe | "{C4C16F40-01F4-49DF-B108-6E7FD9B1382D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{C509627D-EE2D-45C3-A628-72FED1158102}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | "{D1EE2F2D-9D87-4F01-B444-EA85B2819F1F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{D3048130-9DA3-436C-97A9-254A8C987C3D}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgemc.exe | "{D39E18FA-9AD0-4832-AEBD-D05876F4FBF8}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "{D8C406F8-79B9-48C7-B9DF-47A93803B860}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{DBBEC440-3490-48BA-8408-B5E8A40ABA3F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{DBE73066-6575-4FE4-B21A-6784B2FF3BD0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{DD3BE0A2-5440-4A72-B844-FE8C9E9B04EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E24CAD4E-658A-4202-8B08-5282585AA9B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F4A90251-F860-4783-969A-7A45302BECDA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{F6B0246E-8D3B-4B86-88E9-2A128739C258}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{FB4607C8-9133-4F50-B8B7-B5C256A360F3}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe | "{FF19D5C3-0969-47F2-83EA-1580FB055AEA}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgemc.exe | "TCP Query User{236F24B3-3B7A-4389-8E7A-21A23855735E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{A8F65F6E-E88E-4FDB-849E-580476569626}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus "{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype
  16. ComboFix 10-11-30.02 - Elyse 11/30/2010 17:32:36.1.2 - x86 Microsoft
  17. Hello Elise, I ran OTL and Rootkit Unhooker on the infected PC in normal mode. I could not find the second file from OTL--no sign of "extra.txt" after searching...I ran OTL 3 times with same result. OTL logfile created on: 11/30/2010 3:44:26 PM - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Elyse\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 25.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.96 Gb Total Space | 73.64 Gb Free Space | 52.99% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.96 Gb Free Space | 59.59% Space Free | Partition Type: NTFS Drive F: | 1.88 Gb Total Space | 1.83 Gb Free Space | 97.82% Space Free | Partition Type: FAT Computer Name: ELYSE-PC | User Name: Elyse | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/11/30 15:08:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Elyse\Desktop\OTL(2).exe PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2009/10/29 06:54:44 | 000,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe PRC - [2009/07/24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2009/07/08 20:22:24 | 005,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2009/06/26 16:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/06/11 04:25:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe PRC - [2007/05/30 07:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe PRC - [2006/10/03 10:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2006/09/22 08:35:58 | 000,045,056 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe PRC - [2006/04/28 08:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe ========== Modules (SafeList) ========== MOD - [2010/11/30 15:08:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Elyse\Desktop\OTL(2).exe MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll MOD - [2009/04/11 01:28:23 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll MOD - [2009/04/11 01:28:22 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\NBMapTIP.dll MOD - [2009/04/11 01:28:20 | 001,160,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll MOD - [2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2006/11/02 04:42:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcint.dll ========== Win32 Services (SafeList) ========== SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service) SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/07/24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor) SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2008/12/20 21:10:26 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/05/30 07:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard) SRV - [2006/11/07 12:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010/07/15 14:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP) DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/08/05 21:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2009/06/26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2007/12/26 01:46:00 | 000,288,768 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187) DRV - [2007/09/02 03:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2007/05/30 07:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver) DRV - [2007/05/30 07:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgAsCln.sys -- (AvgAsCln) DRV - [2007/04/14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2007/03/12 17:49:40 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2007/03/12 17:49:40 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2007/03/12 17:49:40 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007/01/19 02:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP) DRV - [2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006/10/24 23:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2) DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/08/17 14:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2356230131-352162168-836978672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2356230131-352162168-836978672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-2356230131-352162168-836978672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2356230131-352162168-836978672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2356230131-352162168-836978672-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKU\S-1-5-21-2356230131-352162168-836978672-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-2356230131-352162168-836978672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2356230131-352162168-836978672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Secure Search" FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/22 16:42:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 23:06:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/28 19:04:07 | 000,000,000 | ---D | M] [2009/07/27 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Elyse\AppData\Roaming\Mozilla\Extensions [2010/11/28 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Elyse\AppData\Roaming\Mozilla\Firefox\Profiles\cc1744uo.default\extensions [2009/07/18 14:14:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Elyse\AppData\Roaming\Mozilla\Firefox\Profiles\cc1744uo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/12/29 17:33:53 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Elyse\AppData\Roaming\Mozilla\Firefox\Profiles\cc1744uo.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2009/12/29 17:34:00 | 000,004,554 | ---- | M] () -- C:\Users\Elyse\AppData\Roaming\Mozilla\Firefox\Profiles\cc1744uo.default\searchplugins\aim-search.xml [2007/12/22 15:25:13 | 000,001,877 | ---- | M] () -- C:\Users\Elyse\AppData\Roaming\Mozilla\Firefox\Profiles\cc1744uo.default\searchplugins\aolsearch.xml [2007/03/14 18:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/07/27 16:15:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org [2007/12/22 14:30:13 | 000,001,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml [2010/06/07 19:36:03 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKU\S-1-5-21-2356230131-352162168-836978672-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2356230131-352162168-836978672-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-2356230131-352162168-836978672-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe File not found O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\firefox.com.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2356230131-352162168-836978672-1000..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - File not found O24 - Desktop WallPaper: C:\Users\Elyse\Documents\Pictures\Vermont 2010\DSCF3852.JPG O24 - Desktop BackupWallPaper: C:\Users\Elyse\Documents\Pictures\Vermont 2010\DSCF3852.JPG O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5b2f6ba2-a124-11dc-9b19-00188b8f8d55}\Shell\AutoRun\command - "" = F:\WirelessSecurity\install.exe -- File not found O33 - MountPoints2\{6ec7323f-b979-11dc-b4dc-00188b8f8d55}\Shell\AutoRun\command - "" = F:\WirelessSecurity\install.exe -- File not found O33 - MountPoints2\{9aa8e311-d27f-11db-a9c1-00188b8f8d55}\Shell\AutoRun\command - "" = WirelessSecurity\install.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/11/30 15:33:21 | 000,000,000 | ---D | C] -- C:\Users\Elyse\Desktop\7-Zip [2010/11/30 15:32:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Elyse\Desktop\OTL(2).exe [2010/11/29 14:41:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Elyse\Desktop\HiJackThis.exe [2010/11/29 11:32:46 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe [2010/11/29 11:32:15 | 000,509,440 | ---- | C] (iS3, Inc.) -- C:\STOPzilla_Setup.exe [2010/11/28 20:41:15 | 000,000,000 | ---D | C] -- C:\Users\Elyse\AppData\Roaming\Malwarebytes [2010/11/28 20:41:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/11/28 20:41:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/11/28 20:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/28 20:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes ========== Files - Modified Within 30 Days ========== [2010/11/30 15:33:51 | 000,612,592 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/11/30 15:33:51 | 000,107,654 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/11/30 15:23:24 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{94767EEC-8076-4E0F-A716-8FDBFDAA5786}.job [2010/11/30 15:22:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/11/30 15:22:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/11/30 15:22:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/11/30 15:09:58 | 001,110,476 | ---- | M] () -- C:\Users\Elyse\Desktop\7z920.exe [2010/11/30 15:08:52 | 000,629,057 | ---- | M] () -- C:\Users\Elyse\Desktop\RkU3.8.388.590.rar [2010/11/30 15:08:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Elyse\Desktop\OTL(2).exe [2010/11/30 13:58:48 | 000,001,356 | ---- | M] () -- C:\Users\Elyse\AppData\Local\d3d9caps.dat [2010/11/29 16:01:42 | 000,016,615 | ---- | M] () -- C:\Windows\System32\Config.MPF [2010/11/29 11:55:36 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/29 08:14:18 | 000,509,440 | ---- | M] (iS3, Inc.) -- C:\STOPzilla_Setup.exe [2010/11/28 21:22:22 | 000,359,929 | ---- | M] () -- C:\Users\Elyse\Desktop\dds.scr [2010/11/28 21:21:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Elyse\Desktop\HiJackThis.exe [2010/11/28 20:10:34 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe [2010/11/28 18:51:56 | 000,000,755 | ---- | M] () -- C:\Users\Elyse\Desktop\Win HDD.lnk [2010/11/27 16:51:53 | 000,002,651 | ---- | M] () -- C:\Users\Elyse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2010/11/27 15:11:59 | 000,002,255 | ---- | M] () -- C:\Users\Elyse\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk [2010/11/23 20:16:36 | 000,002,401 | ---- | M] () -- C:\Users\Elyse\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk [2010/11/17 22:15:41 | 000,060,416 | ---- | M] () -- C:\Users\Elyse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/15 23:32:35 | 000,001,096 | ---- | M] () -- C:\Users\Elyse\Desktop\17C-SynthesisOfProtein - Shortcut.lnk [2010/11/14 15:20:43 | 000,013,746 | ---- | M] () -- C:\Users\Elyse\Documents\musicianssss.docx [2010/11/04 21:05:55 | 000,014,300 | ---- | M] () -- C:\Users\Elyse\Documents\music.docx [2010/11/02 12:24:59 | 000,002,627 | ---- | M] () -- C:\Users\Elyse\Desktop\Microsoft Office Word 2007.lnk ========== Files Created - No Company Name ========== [2010/11/30 15:32:16 | 000,629,057 | ---- | C] () -- C:\Users\Elyse\Desktop\RkU3.8.388.590.rar [2010/11/30 15:32:15 | 001,110,476 | ---- | C] () -- C:\Users\Elyse\Desktop\7z920.exe [2010/11/29 14:41:43 | 000,359,929 | ---- | C] () -- C:\Users\Elyse\Desktop\dds.scr [2010/11/28 20:41:09 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/28 18:51:56 | 000,000,755 | ---- | C] () -- C:\Users\Elyse\Desktop\Win HDD.lnk [2010/11/15 23:32:35 | 000,001,096 | ---- | C] () -- C:\Users\Elyse\Desktop\17C-SynthesisOfProtein - Shortcut.lnk [2010/11/02 18:22:13 | 000,014,300 | ---- | C] () -- C:\Users\Elyse\Documents\music.docx [2010/04/22 12:51:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2010/04/17 16:57:36 | 000,000,124 | ---- | C] () -- C:\Windows\POOHRTR.INI [2010/04/17 16:57:36 | 000,000,124 | ---- | C] () -- C:\Windows\POOHRFM.INI [2010/02/07 15:08:15 | 000,000,100 | ---- | C] () -- C:\Windows\ka.ini [2009/12/26 11:18:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/08/21 20:21:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2008/12/02 19:17:42 | 011,143,213 | ---- | C] () -- C:\Users\Elyse\AppData\Roaming\UserTile.png [2008/09/25 19:35:41 | 000,001,356 | ---- | C] () -- C:\Users\Elyse\AppData\Local\d3d9caps.dat [2008/07/07 09:42:13 | 000,000,093 | ---- | C] () -- C:\Users\Elyse\AppData\Local\fusioncache.dat [2007/04/10 13:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2007/03/16 11:43:44 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini [2007/03/15 19:38:15 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL [2007/03/14 16:15:44 | 000,060,416 | ---- | C] () -- C:\Users\Elyse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/03/12 17:49:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007/03/12 10:12:52 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini [2007/01/06 06:09:26 | 000,208,896 | ---- | C] () -- C:\Program Files\Common Files\VistaRunApp.exe [2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll ========== LOP Check ========== [2007/03/16 11:46:06 | 000,000,000 | ---D | M] -- C:\Users\Elyse\AppData\Roaming\acccore [2007/11/18 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Elyse\AppData\Roaming\Grisoft [2007/03/17 08:35:13 | 000,000,000 | ---D | M] -- C:\Users\Elyse\AppData\Roaming\WildTangent [2010/09/15 00:23:07 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2010/08/01 00:00:10 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2010/11/29 16:01:44 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/11/30 15:23:24 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{94767EEC-8076-4E0F-A716-8FDBFDAA5786}.job ========== Purity Check ========== < End of report > RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows Vista Version 6.0.6002 (Service Pack 2) Number of processors #2 ============================================== >Drivers ============================================== 0x8920C000 C:\Windows\system32\DRIVERS\atikmdag.sys 7520256 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver) 0x81C09000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System) 0x81C09000 PnpManager 3903488 bytes 0x81C09000 RAW 3903488 bytes 0x81C09000 WMIxWDM 3903488 bytes 0x93670000 Win32k 2109440 bytes 0x93670000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0x8B40C000 C:\Windows\system32\DRIVERS\VX1000.sys 1957888 bytes (Microsoft Corporation, Microsoft LifeCam VX1000 Device Driver) 0x8280D000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver) 0x82275000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver) 0x89CF0000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver) 0x8AC06000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver) 0x8046E000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module) 0x9931E000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver) 0x8A00A000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver) 0x9600C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor) 0x8A651000 C:\Windows\system32\drivers\stwrt.sys 667648 bytes (SigmaTel, Inc., NDRC) 0x89938000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel) 0x8A0CB000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver) 0x8054E000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic) 0x82204000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0x96113000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack) 0x8AEF8000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 405504 bytes (Symantec Corporation, Symantec Eraser Control Driver) 0x8AE0F000 C:\Windows\system32\DRIVERS\wg111v2.sys 323584 bytes (NETGEAR Inc., NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NDIS Driver) 0x992A2000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver) 0x89C7C000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 303104 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver) 0x8069D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver) 0x8AD70000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x80601000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT) 0x8042D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver) 0x80704000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver) 0x89C01000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0x8AE7F000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0x823AB000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem) 0x99229000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr) 0x8291D000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0x8A60B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB) 0x81FC2000 ACPI_HAL 208896 bytes 0x81FC2000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0x8AEC5000 C:\Windows\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver) 0x80762000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0x8ADB8000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver) 0x8A158000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver) 0x8A6F4000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0x82380000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider) 0x89CC6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library) 0x960CC000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver) 0x8AD0B000 C:\Windows\System32\Drivers\Mpfp.sys 167936 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver) 0x992F2000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver) 0x9927A000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver) 0x8296D000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache) 0x80658000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0x8A721000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0x8A1B4000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0x829A5000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll) 0x961CB000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0x8A780000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver) 0x9920A000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0x8AFCC000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes 0x80745000 C:\Windows\system32\DRIVERS\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA
  18. Hello Elise, Thanks for your help...I still need it, but things are somewhat different today than when I posted initially. I realize how busy you and your co-volunteers are, but I've got a very upset daughter who needs her pc for school. So I took a few actions that I hope have helped...Please don't be too mad at me...(My daughter shares your name, and you can guess who Dolly was...) First---I cannot connect her PC to the internet. Her wireless device (USB) finds my network, but it will not connect to the internet. So everything has been done by downloading onto my PC and using a flash-drive on her PC after Safe Mode startup. The virus did not allow the PC to recognize flash drives. At this moment I can now boot her PC in regular mode without win-HDD popping up and overtaking everything, but it is still having some effect on performance. Given that I've done this since my original post, I will wait to hear back from you before taking any further actions....Please also confirm for me if / how to use the suggested programs via flash drive to the infected PC. Here is what I've done--all in Safe Mode: --Ran HJT and fixed the following (checked and fixed within HJT) I will post the HJT log --pre-fix and post-fix below. O4 - HKCU\..\Run: [EqCAlppKDp.exe] C:\Users\Elyse\AppData\Local\Temp\EqCAlppKDp.exe O4 - HKCU\..\Run: [471138] C:\Users\Elyse\AppData\Local\Temp\471138.exe --Copied MBAM to the PC hard drive and renamed and ran as "firefox.com" --Ran MBAM in Safe-Mode: This seems to have helped somewhat, but clearly there is more work to do. PRE-FIX: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:01:10 PM, on 11/29/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\rstrui.exe F:\HiJackThis.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [EqCAlppKDp.exe] C:\Users\Elyse\AppData\Local\Temp\EqCAlppKDp.exe O4 - HKCU\..\Run: [471138] C:\Users\Elyse\AppData\Local\Temp\471138.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: NETGEAR WG111v2 Smart Wizard..lnk = C:\Program Files\Common Files\VistaRunApp.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11055 bytes POST-Fix Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:03:02 PM, on 11/29/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE F:\HiJackThis.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\NOTEPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: NETGEAR WG111v2 Smart Wizard..lnk = C:\Program Files\Common Files\VistaRunApp.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10898 bytes MBAM Log Post run as "firefox.com" Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18975 11/29/2010 2:25:41 PM mbam-log-2010-11-29 (14-25-41).txt Scan type: Quick scan Objects scanned: 120548 Time elapsed: 6 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected)
  19. PC was hijacked by Win HDD last evening..Can't do anything--no connection to internet (but will connect to local network)...Won't allow flashdrives to be read in full startup mode. Have run Mbam in Safe Mode, but it found nothing--but it could not update prior to running. Trying it again this morning. I ran the HijackThis in Safe Mode yesterday (following instructions from a different help site)...Perhaps this can help get us started on a fix...Greatly appreciate any help. My daughter's schoolwork is now on hold. HijackThis Log (Safe Mode) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:54:48 PM, on 11/28/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Safe mode Running processes: C:\Windows\explorer.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\notepad.exe C:\Windows\notepad.exe C:\Windows\system32\NOTEPAD.EXE F:\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [EqCAlppKDp.exe] C:\Users\Elyse\AppData\Local\Temp\EqCAlppKDp.exe O4 - HKCU\..\Run: [471138] C:\Users\Elyse\AppData\Local\Temp\471138.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: NETGEAR WG111v2 Smart Wizard..lnk = C:\Program Files\Common Files\VistaRunApp.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11262 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.