Infected with trojanzeroaccessinf any advice?

[Jake1988]

Hi

I have been stuck with this for a about a month now as i've not been able to recieve any help with it.

First virus started off as a trojan zero access but has now become trojan zero access inf. I have ran Malwarebytes which found the virus but problems are still persisting.

Problems include a lengethend start up time where i have to run system restore every time.

Loss of data which i have saved from my last sessioin on the computer.

Virus protection software (norton antivirus) keeps turning off.

Using a Compaq Presario CQ61 with windows vista.

If anyone could help it would be greatly appreciated!

Thanks.

Jake

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Jake at 11:11:54 on 2012-08-17

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1826 [GMT 1:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Kodak\KODAK Share Button App\Listener.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Steam\steam.exe

C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe

C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Windows\system32\werfault.exe

C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.mail.ru/cnt/9134

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = *.local;<local>;127.0.0.1:9421;

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [Akamai NetSession Interface] "c:\users\jake\appdata\local\akamai\netsession_win.exe"

uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe

uRun: [DrvUpdater] c:\users\jake\appdata\roaming\drpsu\DrvUpdater.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [spotify Web Helper] "c:\users\jake\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

StartupFolder: c:\users\jake\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{68EABCD3-3D92-4742-B663-6362B9F46391} : NameServer = 192.168.16.1

TCP: Interfaces\{D2C81628-7F6B-4DB2-B422-AADEB932A76C} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jake\appdata\roaming\mozilla\firefox\profiles\vhbfrf03.default\

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\users\jake\appdata\roaming\facebook\npfbplugin_1_0_3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-11 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-11 467592]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120722.001\IDSvix86.sys [2012-7-24 382624]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_fa807195\AEstSrv.exe [2009-7-20 81920]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-28 365952]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-28 222512]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-9-24 45600]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008030.006\symndisv.sys [2011-10-11 48760]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-16 106656]

S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 135664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-14 23:18:40 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard

.

==================== Find3M ====================

.

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

.

============= FINISH: 11:13:08.83 ===============

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 20/07/2009 10:25:37

System Uptime: 17/08/2012 10:52:25 (1 hours ago)

.

Motherboard: Quanta | | 306A

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 1200/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 23.378 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.798 GiB free.

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP491: 16/07/2012 20:52:20 - Installed DirectX

RP492: 24/07/2012 14:32:21 - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Illustrator CS5

Adobe Media Player

Adobe Reader 9

Adobe Shockwave Player

Adobe Shockwave Player 11.5

Akamai NetSession Interface

Akamai NetSession Interface Service

AOL Toolbar 5.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

Bonjour

CCleaner

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite

CyberLink YouCam

DivX Setup

Dota 2

DriverPack Solution Updater

ESU for Microsoft Vista

Facebook Plug-In

Google Chrome

Google Update Helper

Heroes of Might & Magic V: Hammers of Fate

Heroes of Might and Magic V

Heroes of Might and Magic V - Tribes of the East

Heroes of Might and Magic® III Complete

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Common Access Service Library

HP Customer Experience Enhancements

HP DVD Play 3.7

HP Help and Support

HP Quick Launch Buttons 6.40 M1

HP Total Care Advisor

HP Total Care Setup

HP Update

HP User Guides 0138

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

IDT Audio

iTunes

Java 6 Update 11

KODAK Share Button App

LabelPrint

LCP New Generation Literacy Year4

League of Legends

LightScribe System Software 1.14.17.1

Malwarebytes' Anti-Malware

McAfee Security Scan Plus

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Works

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Might & Magic ® Heroes ® VI

Mozilla Firefox 10.0.2 (x86 en-GB)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

My HP Games

Norton Internet Security

Norton Security Scan

NVIDIA Drivers

Pando Media Booster

PDF Settings CS5

Power2Go

PowerDirector

QuickTime

Raptor - Call of the Shadows

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

SEGA Genesis & Mega Drive Classics

Serif PhotoPlus SE

Shockwave

Skype Toolbars

Skype™ 5.8

SoulSeek 157 NS 13e

Spotify

SpyHunter

Steam

Stronghold 3

Synaptics Pointing Device Driver

Team Fortress 2

Total Annihilation - Commander Pack

Total War: SHOGUN 2

Ubisoft Game Launcher

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Office 2007 (KB934528)

VC80CRTRedist - 8.0.50727.4053

Ventrilo Client

VLC media player 1.1.0

Warcraft III

Warcraft III: All Products

Warhammer® 40,000®: Dawn of War® II – Retribution™

Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)

Windows Driver Package - NVIDIA (nv) Display (12/05/2007 6.14.11.6921)

World of Warcraft

.

==== End Of File ===========================

Attaching files wasn't working so i've just posted them. Hope that's ok!

[aliB]

hi

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
  Click me
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Then

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
  
• Select All Users
  
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  qmgr.dll
  /md5stop
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
  CREATERESTOREPOINT
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post both logs

[Jake1988]

Hi, thanks for the help.

I can't get Combofix to create a log as it vanishes after the process in complete. OLT worked fine though.

OLT

OTL logfile created on: 17/08/2012 14:23:30 - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jake\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 54.43% Memory free

6.15 Gb Paging File | 4.71 Gb Available in Paging File | 76.62% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.33 Gb Total Space | 23.70 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: OLDGREGG | User Name: Jake | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 14:20:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Downloads\OTL.exe

PRC - [2012/08/17 13:13:26 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2012/08/17 13:00:38 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe

PRC - [2012/02/19 21:37:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/02/03 15:14:44 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe

PRC - [2011/09/22 01:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/01/20 09:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe

PRC - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe

PRC - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/17 13:13:26 | 020,316,496 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

MOD - [2012/08/17 13:13:25 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll

MOD - [2012/08/17 13:13:25 | 000,900,944 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll

MOD - [2012/08/17 13:13:25 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll

MOD - [2012/08/17 13:13:25 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll

MOD - [2012/06/14 18:23:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012/06/14 18:23:08 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012/06/14 18:22:23 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll

MOD - [2012/06/14 18:19:22 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll

MOD - [2012/05/11 17:31:40 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/05/11 17:23:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012/05/11 17:23:14 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll

MOD - [2012/05/11 17:23:13 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll

MOD - [2012/05/11 17:23:13 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll

MOD - [2012/05/11 17:22:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/05/11 17:12:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012/05/11 17:09:04 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll

MOD - [2012/05/11 17:08:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll

MOD - [2012/05/11 17:06:48 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll

MOD - [2012/05/11 17:06:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/05/11 17:04:57 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2012/03/28 20:18:27 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2012/02/19 21:37:33 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2010/09/16 21:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/04/11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

MOD - [2009/04/11 03:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2008/11/18 20:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll

MOD - [2008/11/18 19:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2008/11/18 19:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2008/11/18 19:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll

MOD - [2008/11/18 19:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2008/11/18 19:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2008/11/18 19:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2008/11/18 19:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2008/09/24 01:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll

MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/08/17 13:13:26 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2011/09/22 01:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)

SRV - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)

SRV - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- Combo-Fix.sys -- ({79007602-0CDB-4405-9DBF-1257BB3226EE})

DRV - [2012/08/16 20:11:02 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120816.048\navex15.sys -- (NAVEX15)

DRV - [2012/08/16 20:11:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/08/16 20:11:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/08/16 20:11:02 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120816.048\naveng.sys -- (NAVENG)

DRV - [2012/06/14 19:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120722.001\IDSvix86.sys -- (IDSVix86)

DRV - [2011/10/11 18:00:29 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\cchpx86.sys -- (ccHP)

DRV - [2011/09/22 01:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symtdi.sys -- (SYMTDI)

DRV - [2011/09/22 01:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symfw.sys -- (SYMFW)

DRV - [2011/09/22 01:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symndisv.sys -- (SYMNDISV)

DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV - [2010/03/16 21:15:18 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2010/01/20 22:03:39 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\SymEFA.sys -- (SymEFA)

DRV - [2010/01/20 22:03:39 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtsp.sys -- (SRTSP)

DRV - [2010/01/20 22:03:39 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)

DRV - [2010/01/20 22:03:39 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtspx.sys -- (SRTSPX)

DRV - [2010/01/20 22:03:28 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV - [2009/01/20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/01/15 11:13:00 | 007,543,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/12/20 08:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/09/24 17:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)

DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

IE - HKLM\..\SearchScopes,DefaultScope = {025691BC-FC8A-4AB2-96A1-7111A3722E0D}

IE - HKLM\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKLM\..\SearchScopes\{862D96F9-09F3-41FE-9635-F1FB35E4105F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKLM\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/9134

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes\{862D96F9-09F3-41FE-9635-F1FB35E4105F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>;127.0.0.1:9421;

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jake\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 17:49:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/29 02:01:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 22:25:12 | 000,000,000 | ---D | M]

[2010/03/15 21:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Extensions

[2012/05/24 17:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions

[2010/07/22 17:40:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/05/24 17:46:16 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

[2012/08/17 12:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/19 21:37:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/06 20:51:27 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/10/06 20:51:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/10/06 20:51:27 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/10/06 20:51:27 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/10/06 20:51:27 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.mail.ru/cnt/9134

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jake\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/03/12 21:53:38 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [Akamai NetSession Interface] C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [DrvUpdater] C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe ()

O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)

O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [spotify Web Helper] C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68EABCD3-3D92-4742-B663-6362B9F46391}: NameServer = 192.168.16.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2C81628-7F6B-4DB2-B422-AADEB932A76C}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{9f31569c-661e-11e1-8600-00269e1d3d84}\Shell - "" = AutoRun

O33 - MountPoints2\{9f31569c-661e-11e1-8600-00269e1d3d84}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: ezSharedSvc - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 14:20:03 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/08/17 14:15:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/17 14:14:05 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/17 10:53:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/08/15 00:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 13:55:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/17 13:16:16 | 000,000,216 | ---- | M] () -- C:\Users\Jake\Desktop\Awesomenauts.url

[2012/08/17 12:58:43 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012/08/17 12:57:59 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/17 12:57:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 12:57:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 12:56:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/17 12:56:52 | 3186,544,640 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/17 11:02:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJake.job

[2012/08/17 10:55:21 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012/08/17 10:52:46 | 242,813,380 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/08/16 09:25:51 | 000,008,268 | ---- | M] () -- C:\Users\Jake\AppData\Local\d3d9caps.dat

[2012/07/23 19:40:46 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jake.job

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 10:52:46 | 242,813,380 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/08/16 22:26:09 | 3186,544,640 | -HS- | C] () -- C:\hiberfil.sys

[2012/08/11 18:59:29 | 000,000,216 | ---- | C] () -- C:\Users\Jake\Desktop\Awesomenauts.url

[2012/01/11 20:39:03 | 000,002,048 | -HS- | C] () -- C:\Users\Jake\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

[2011/12/12 20:51:33 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin

[2010/10/17 21:00:40 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll

[2010/09/24 18:25:20 | 000,177,904 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010/08/21 16:28:10 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/06/07 12:11:44 | 000,004,096 | -H-- | C] () -- C:\Users\Jake\AppData\Local\keyfile3.drm

[2010/03/26 11:44:39 | 000,014,336 | ---- | C] () -- C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/25 19:51:10 | 000,008,268 | ---- | C] () -- C:\Users\Jake\AppData\Local\d3d9caps.dat

[2010/03/17 16:38:18 | 000,003,362 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\wklnhst.dat

[2009/07/20 11:12:49 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/07/20 11:01:31 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini

[2009/07/20 10:57:51 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== LOP Check ==========

[2011/01/05 01:34:48 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/08/17 19:51:21 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\DRPSu

[2010/03/25 01:44:35 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Facebook

[2012/06/24 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\FixZeroAccess

[2010/06/15 13:45:49 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient

[2012/06/07 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient2

[2012/03/28 22:07:26 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Might & Magic Heroes VI

[2010/09/26 19:28:33 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\muvee Technologies

[2011/01/03 17:58:14 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Serif

[2012/08/17 19:51:22 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Spotify

[2010/03/17 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Template

[2011/05/20 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\The Creative Assembly

[2010/07/05 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\WildTangent

[2012/08/17 12:56:00 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2009/02/28 15:44:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2009/02/28 15:44:25 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2009/02/28 15:44:25 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2009/02/28 15:44:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >

[2008/01/21 03:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll

[2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll

[2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SERVICES >

[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services

[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.AIP >

[2010/04/07 21:47:20 | 000,132,544 | ---- | M] (Adobe Systems Incorporated) MD5=3E69B3D98D1B184EA96CFBC18CE07CA5 -- C:\Program Files\Adobe\Adobe Illustrator CS5\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.EXE >

[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[2009/04/11 07:27:59 | 000,282,624 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui

[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.EXE.ND_ >

[2012/08/17 14:19:38 | 000,000,014 | ---- | M] () MD5=CEF854A550CEFD6DE45107D38B4DD48E -- C:\ComboFix\services.exe.ND_

< MD5 for: SERVICES.LNK >

[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >

[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof

[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof

[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >

[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc

[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc

[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc

[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >

[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe

[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >

"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Jake\Desktop\re up finding nemo.avi:TOC.WMV

< End of report >

Extras

OTL Extras logfile created on: 17/08/2012 14:23:30 - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jake\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 54.43% Memory free

6.15 Gb Paging File | 4.71 Gb Available in Paging File | 76.62% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.33 Gb Total Space | 23.70 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: OLDGREGG | User Name: Jake | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- "%1" %*

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09DAE1D0-29A1-435A-9473-E98DB975F0B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{0FBAFECE-FA09-4075-98D2-9370E412D19D}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |

"{1118847A-F510-42E6-9A62-992FC753A4C8}" = lport=138 | protocol=17 | dir=in | app=system |

"{13E042B3-447E-4E9D-A2B2-31682CB5760A}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |

"{14B0256A-BFEB-4866-93B8-FA2000CFB0E2}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher |

"{1851BEB5-2DD5-484D-AC85-06D5E2001B7F}" = rport=445 | protocol=6 | dir=out | app=system |

"{2D1B45F2-DD63-4DE5-911D-9DFE4A0F163B}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |

"{2D7816BB-B6B3-4D2F-8689-1DB6D41DF0A1}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher |

"{30E1DD2E-D842-4EB0-B3E7-7A277715BC1E}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher |

"{3241CB30-C981-42A8-99D0-103538EAD64D}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher |

"{32E3BBC4-B556-4B19-B352-C5ACD70109DA}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher |

"{33959E33-5DA0-4860-A61A-2F537217866A}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |

"{3BFD701A-555D-47C6-90EC-1663250207AF}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher |

"{3E352296-724C-4C6B-A1A8-72FA30AA6163}" = lport=6964 | protocol=6 | dir=in | name=league of legends launcher |

"{416E908F-321B-41A0-91C2-73C39676A2A5}" = lport=6942 | protocol=17 | dir=in | name=league of legends launcher |

"{4176959F-D5F4-488E-A43F-B51EDC6C0AE0}" = rport=137 | protocol=17 | dir=out | app=system |

"{47F5807A-0CA2-4626-BC0B-D57CAB958D6A}" = lport=6894 | protocol=6 | dir=in | name=league of legends launcher |

"{4DB5FC07-6417-4417-A78F-7859B2924C4F}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |

"{563C4112-33BE-45CC-AE41-A700A4C433B7}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher |

"{5B975087-D287-43CE-981D-EE5C417F86A0}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher |

"{61DB71AD-0FE3-40A7-B3FF-D7C29CAEAFFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{62600736-72D4-464D-AD18-79A7D88CBBAA}" = lport=445 | protocol=6 | dir=in | app=system |

"{62E114E4-0B97-4D22-BD7E-57DE633B6955}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher |

"{63EED010-D5C8-41D8-89A6-88A9E8837CE7}" = lport=6894 | protocol=17 | dir=in | name=league of legends launcher |

"{648E641B-02B2-42E1-B5FA-EF3BFAEEACCB}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher |

"{67A2128B-EFCD-4C24-8C6C-00E1AC8F803B}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{680BB0DD-07BD-4407-B049-61638BB849BD}" = lport=6964 | protocol=17 | dir=in | name=league of legends launcher |

"{699D488A-A24E-4FB1-8524-348203F7FDF2}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher |

"{6B0A58D2-E57C-44AB-AC16-252A80E1DDDC}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher |

"{781B87C8-C47E-40D6-B868-865442E1ED72}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher |

"{7B777A42-7CCB-4780-B0A6-01F0D91792DF}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher |

"{80C7289A-AC12-4B7D-9817-BBD692815C88}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher |

"{8177DAE9-39C4-4796-A09B-84135B85395D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |

"{871A667D-6B08-4D11-94FD-B10F148DE722}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |

"{8AADFC95-29AC-4D4C-B1AB-33E2EC2357AD}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |

"{93B4B878-69D3-4997-AD4B-EAD634AE3DD8}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher |

"{A7CACFFF-BB0A-4CAB-8CCD-A1EAC68865E8}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher |

"{A8B66EC4-C0DE-486E-9F72-47FF6A79C9AD}" = lport=139 | protocol=6 | dir=in | app=system |

"{B0377119-3BE2-4AFB-A895-D0F2D13D5607}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |

"{B6DC5A33-4D2D-453E-B12B-269F05F96E9F}" = lport=6899 | protocol=6 | dir=in | name=league of legends launcher |

"{BE755B2A-B1CB-4BA5-8A7C-8794C753EE36}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |

"{BEF55AF7-6EC2-4A89-8145-AB859D2FCC5E}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher |

"{CE5BE03C-44C2-4D5C-84A1-3330085FD8F1}" = rport=138 | protocol=17 | dir=out | app=system |

"{CF5E0CB6-2AA3-4089-83A8-7AD884430E96}" = lport=6934 | protocol=17 | dir=in | name=league of legends launcher |

"{D1FBB309-AEFD-4502-8F6E-C8D7A0357F57}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{D420883E-8467-4914-B4FC-019690EC3E54}" = lport=137 | protocol=17 | dir=in | app=system |

"{D56BE9E0-E679-4749-AE8C-A13833AD14E9}" = rport=139 | protocol=6 | dir=out | app=system |

"{D6DC7B7B-C99B-4554-A06A-B3EA928F3354}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |

"{D98BB5CA-D730-4752-987C-15BCA5E88976}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |

"{DD3BDBD0-27BE-4DFD-B207-D9411B76F83A}" = lport=6932 | protocol=6 | dir=in | name=league of legends launcher |

"{DDC1A6D3-B84C-4BB7-A68D-DC7FBED42DB4}" = lport=6934 | protocol=6 | dir=in | name=league of legends launcher |

"{E0317492-7F32-404E-A860-1C272797EB8B}" = lport=6942 | protocol=6 | dir=in | name=league of legends launcher |

"{E1086C36-5E75-4722-9105-DF570A5E03D1}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |

"{ED48B6E7-8C5C-4A2B-9266-17EAA4315897}" = lport=6932 | protocol=17 | dir=in | name=league of legends launcher |

"{EDBF3618-87E6-45FA-9BD7-0DA4ACA65E9A}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |

"{F5831082-C7AF-4F10-BDD8-195BA83F4650}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |

"{F6A77A8E-5277-4434-B460-5D2818AD2585}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |

"{F9F8DA22-5FCF-435F-AAF7-154ADFEB1394}" = lport=6899 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03EAF3B7-48FB-462F-A3F9-DBF86E98C3B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{0982B97D-39C5-4F3A-8DEF-5D89C7341E3A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe |

"{0EB0BFAD-234F-402A-9C48-52C5AF2E11A4}" = protocol=6 | dir=in | app=c:\users\jake\appdata\roaming\spotify\spotify.exe |

"{1233F655-CA98-48FB-94F9-97EB0BEF0742}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{1BC85F6E-A578-4531-ACC2-18E6AB77049A}" = protocol=6 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |

"{21E1C8B7-5C8F-47F0-90C1-A30BF2091EB8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |

"{24897323-95EA-4CC4-89A9-7CE83E862E17}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |

"{259531F0-DAB2-43DA-B5BF-02E2048A6153}" = protocol=17 | dir=in | app=c:\users\jake\appdata\local\akamai\netsession_win.exe |

"{2677CE74-0347-4306-A72C-6FEDFA094DDC}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{271769DD-C3C2-4612-9E2A-054ED5AAE9A1}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{31534F46-B062-48DD-9608-C53B7D6E7C82}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |

"{32C9888A-8473-4027-9B25-1EE29E6B8DF5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{362251A5-2742-47A6-A97B-F2CBDAA77AF0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |

"{365F7202-0C65-4D9E-ACD3-51036444F711}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sega classics\segagenesisclassics.exe |

"{41DDB365-C8AB-4571-8B47-F4AC629CF43A}" = protocol=17 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |

"{4286ADCB-4977-43B6-9233-2D26398125F0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |

"{44FB8034-2D5E-4B60-84BE-DA44B8C9DF97}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{520FB5C6-794D-459A-B9BD-228B723A9D59}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |

"{54EA54CB-6BE1-4CD3-8674-824A9055CA8D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |

"{54F653BF-DFA6-4FCD-ABC1-A94ED75A6817}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{5A2EFDBC-2177-4539-BA94-FA7CEBE55DC8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |

"{5B5519F7-5B56-48CD-8221-47E4A4D470C5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |

"{5C919CD8-C91B-4D89-8B8C-50B50B05270F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{5F6D6458-0D93-46F3-B836-8E27B2E50B1E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{63858629-0192-4601-97A9-5EE0872C0229}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{6CC32395-C378-4FDE-B302-F9309F4CEF50}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{71A86E31-21DB-4354-AFF5-029A676B899B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sega classics\segagenesisclassics.exe |

"{7830E5CB-86BC-4CB8-B7D0-8A635B06C5EA}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |

"{7ECEE71D-954A-4D8D-93C3-0A3052091FE9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{83A49542-9ED5-4C59-9760-FD00E94020C4}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

"{8ADAFAB9-D529-465E-B4FA-7F0BD0EC94AC}" = protocol=6 | dir=in | app=c:\users\jake\appdata\local\akamai\netsession_win.exe |

"{8FE478D5-4F16-41E9-A841-496795202469}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{971F8B6F-B8FB-4246-AD56-F8A6F00B75EE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |

"{9BE7671E-C8CE-4773-BDCE-F0AE9DE770E4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |

"{9D212D3F-9F1F-40F1-8125-D8A5BF9AB670}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe |

"{9F84E0DD-90C6-4A99-92AA-DE6F3DE63008}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |

"{A7E975EE-1D4C-45EB-BA35-A96853684F39}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |

"{A95FCC5A-8D70-498C-AE7E-25802FC99BE3}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{A96B62DC-D24F-419C-82CE-282C77E35A1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |

"{AC5C9B7E-0F21-46D8-8EDD-EBD2AB373A89}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{B4BFABFA-DD54-478C-9467-9CB71987FDE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B93EBDE8-CE52-49A4-B29C-A46D0C9A9665}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{B97F00FB-FCB2-4BFD-BB9C-111800592474}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{BDA5A272-6F9F-4818-A2B2-BE75E3D8ECBD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |

"{CE53E36B-0F80-45FF-B988-DA1E0EF80770}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |

"{D4F604AE-9EB3-4E04-925F-CD0A4A39B269}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{D633F93E-D195-4FF2-A335-619FC097FDB6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |

"{D9714615-4583-41ED-B895-4FE696268EC5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{DAF49D7B-AE42-4E70-AF40-D3C62F9356A0}" = protocol=17 | dir=in | app=c:\users\jake\appdata\roaming\spotify\spotify.exe |

"{DEAD307D-DA98-400F-9AE4-1D3E2510B22F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E0130B97-9886-4CF8-9197-C2B0FCF7C264}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |

"{E0F12231-AC6B-400B-98E6-22D54EC33267}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |

"{E15D8CBE-A73F-4649-A10A-D95A0EA2F4EE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{F0747AAA-999B-450D-BA11-397804CE60BC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |

"TCP Query User{7EF7A52A-E6BE-4CCE-92E4-693206F940CF}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |

"TCP Query User{97398458-4672-4D2F-B672-1A0B2FD20174}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"UDP Query User{4949D5AA-666D-4642-86E2-4550818CCDB1}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

"UDP Query User{6224A5BC-EF7D-4744-AB6A-049FDA0C4CB5}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09234F0D-5971-4701-94EE-89CB6926E273}" = Serif PhotoPlus SE

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}" = KODAK Share Button App

"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7

"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update

"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate

"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5

"{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}" = SpyHunter

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E1B3D19D-8C1D-4C91-86CE-FBB8F5624382}" = LCP New Generation Literacy Year4

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant

"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"3AB84797D160AF55A0CC9990F040AFD2E44CD3B7" = Windows Driver Package - NVIDIA (nv) Display (12/05/2007 6.14.11.6921)

"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)

"5820ED5B6B185D354EB99DCB0240AF46811B907C" = Windows Driver Package - NVIDIA (nv) Display (12/05/2007 6.14.11.6921)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Akamai" = Akamai NetSession Interface Service

"AOL Toolbar" = AOL Toolbar 5.0

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"DivX Setup.divx.com" = DivX Setup

"Google Chrome" = Google Chrome

"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"League of Legends_is1" = League of Legends

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)

"NIS" = Norton Internet Security

"NSS" = Norton Security Scan

"NVIDIA Drivers" = NVIDIA Drivers

"Raptor - Call of the Shadows_is1" = Raptor - Call of the Shadows

"Shockwave" = Shockwave

"Soulseek2" = SoulSeek 157 NS 13e

"Spotify" = Spotify

"Steam App 204300" = Awesomenauts

"Steam App 34270" = SEGA Genesis & Mega Drive Classics

"Steam App 34330" = Total War: SHOGUN 2

"Steam App 440" = Team Fortress 2

"Steam App 47400" = Stronghold 3

"Steam App 48220" = Might & Magic ® Heroes ® VI

"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™

"Steam App 570" = Dota 2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Total Annihilation - Commander Pack_is1" = Total Annihilation - Commander Pack

"VLC media player" = VLC media player 1.1.0

"Warcraft III" = Warcraft III

"WildTangent hp Master Uninstall" = My HP Games

"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"DRPSu Updater" = DriverPack Solution Updater

"Facebook Plug-In" = Facebook Plug-In

"Spotify" = Spotify

"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013

Description =

Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013

Description =

Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013

Description =

Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013

Description =

Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013

Description =

Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013

Description =

Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013

Description =

Error - 16/08/2012 18:05:17 | Computer Name = OldGregg | Source = Application Error | ID = 1000

Description = Faulting application Skype.exe, version 5.8.0.158, time stamp 0x4f4de709,

faulting module Skype.exe, version 5.8.0.158, time stamp 0x4f4de709, exception

code 0xc0000005, fault offset 0x001e4f47, process id 0xf9c, application start time

0x01cd7bf6f7b86955.

Error - 17/08/2012 05:54:26 | Computer Name = OldGregg | Source = WinMgmt | ID = 10

Description =

Error - 17/08/2012 07:58:25 | Computer Name = OldGregg | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 12/07/2010 03:26:02 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000

Description =

Error - 12/07/2010 11:55:02 | Computer Name = OldGregg | Source = HTTP | ID = 15016

Description =

Error - 12/07/2010 11:55:17 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000

Description =

Error - 12/07/2010 16:38:31 | Computer Name = OldGregg | Source = HTTP | ID = 15016

Description =

Error - 12/07/2010 16:38:58 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000

Description =

Error - 13/07/2010 10:42:23 | Computer Name = OldGregg | Source = HTTP | ID = 15016

Description =

Error - 13/07/2010 10:42:47 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000

Description =

Error - 13/07/2010 14:25:29 | Computer Name = OldGregg | Source = HTTP | ID = 15016

Description =

Error - 13/07/2010 14:25:54 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000

Description =

Error - 13/07/2010 15:53:39 | Computer Name = OldGregg | Source = HTTP | ID = 15016

Description =

< End of report >

Thanks again.

Jake

[aliB]

hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::

C:\Users\Jake\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

FCopy::

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe | C:\Windows\System32\services.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[Jake1988]

Hi

Took a while but here you go!

[19:48:42] Jake Smithson: ComboFix 12-08-17.03 - Jake 17/08/2012 18:50:08.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1295 [GMT 1:00]

Running from: c:\users\Jake\Desktop\ComboFix.exe

Command switches used :: c:\users\Jake\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Jake\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jake\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@

c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@

c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@

c:\windows\jestertb.dll

c:\windows\system32\drivers\etc\hosts.ics

.

c:\windows\system32\services.exe . . . is infected!!

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --> c:\windows\System32\services.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))

.

.

2012-08-17 18:07 . 2012-08-17 18:12 -------- d-----w- c:\users\Jake\AppData\Local\temp

2012-08-17 18:07 . 2012-08-17 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-14 23:18 . 2012-08-14 23:18 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-25 07:40 . 2012-06-25 07:40 110080 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconF7A21AF7.exe

2012-06-25 07:40 . 2012-06-25 07:40 110080 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconD7F16134.exe

2012-06-25 07:40 . 2012-06-25 07:40 110080 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconCF33A0CE.exe

2012-06-02 22:19 . 2012-06-22 14:10 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 14:10 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 14:07 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 14:07 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-22 14:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-22 14:10 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-22 14:07 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19 . 2012-06-22 14:02 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:12 . 2012-06-22 14:01 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-02-19 20:37 . 2011-05-08 21:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Steam"="c:\program files\Steam\Steam.exe" [2012-08-17 1353080]

"Akamai NetSession Interface"="c:\users\Jake\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]

"DrvUpdater"="c:\users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe" [2011-04-28 192856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"Spotify Web Helper"="c:\users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-17 932528]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 136600]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]

.

c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2008-12-04 05:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-12-24 22:45 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 23:07]

.

2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 23:07]

.

2012-08-17 c:\windows\Tasks\HPCeeScheduleForJake.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 19:34]

.

2012-07-23 c:\windows\Tasks\Norton Security Scan for Jake.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-28 23:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.mail.ru/cnt/9134

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = *.local;<local>;127.0.0.1:9421;

IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{68EABCD3-3D92-4742-B663-6362B9F46391}: NameServer = 192.168.16.1

FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-29850121.sys

SafeBoot-60953222.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-17 19:12

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

c:\program files\SMINST\BLService.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\DllHost.exe

c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

c:\program files\Kodak\KODAK Share Button App\Listener.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Steam\SteamService.exe

c:\program files\Norton Internet Security\Engine\16.8.3.6\WSCStub.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

c:\program files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

.

Completion time: 2012-08-17 19:21:06 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-17 18:20

.

Pre-Run: 22,773,518,336 bytes free

Post-Run: 22,534,377,472 bytes free

.

- - End Of File - - 1F3CF4936DCA9596D5F3E03298C56369

Thanks alot.

[aliB]

Open OTL again

Under the Custom Scan box paste this in

/md5start

services.*

/md5stop

Click the Quick Scan button

post the log it produces

[Jake1988]

OTL

OTL logfile created on: 17/08/2012 22:03:08 - Run 2

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jake\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.91% Memory free

6.14 Gb Paging File | 4.71 Gb Available in Paging File | 76.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.33 Gb Total Space | 21.07 Gb Free Space | 9.48% Space Free | Partition Type: NTFS

Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: OLDGREGG | User Name: Jake | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 20:28:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Downloads\OTL(1).exe

PRC - [2012/08/17 13:13:26 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2012/08/17 13:00:38 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe

PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/05/17 18:39:06 | 000,932,528 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/02/19 21:37:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/02/03 15:14:44 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe

PRC - [2011/09/22 01:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

PRC - [2011/04/28 09:27:52 | 000,192,856 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe

PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/02/28 15:30:56 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe

PRC - [2009/01/20 09:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe

PRC - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe

PRC - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/17 13:13:26 | 020,316,496 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

MOD - [2012/08/17 13:13:25 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll

MOD - [2012/08/17 13:13:25 | 000,900,944 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll

MOD - [2012/08/17 13:13:25 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll

MOD - [2012/08/17 13:13:25 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll

MOD - [2012/06/14 18:23:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012/06/14 18:23:08 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012/06/14 18:22:23 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll

MOD - [2012/06/14 18:19:22 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll

MOD - [2012/05/17 18:39:06 | 000,932,528 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

MOD - [2012/05/11 17:31:40 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/05/11 17:23:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012/05/11 17:23:14 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll

MOD - [2012/05/11 17:23:13 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll

MOD - [2012/05/11 17:23:13 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll

MOD - [2012/05/11 17:22:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/05/11 17:12:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012/05/11 17:09:04 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll

MOD - [2012/05/11 17:08:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll

MOD - [2012/05/11 17:06:48 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll

MOD - [2012/05/11 17:06:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/05/11 17:04:57 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2012/02/19 21:37:33 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/04/28 09:27:52 | 000,192,856 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe

MOD - [2010/09/16 21:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/04/11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

MOD - [2009/04/11 03:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2008/11/18 20:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll

MOD - [2008/11/18 19:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2008/11/18 19:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2008/11/18 19:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll

MOD - [2008/11/18 19:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2008/11/18 19:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2008/11/18 19:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2008/11/18 19:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2008/09/24 01:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll

MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/08/17 13:13:26 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/09/22 01:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)

SRV - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)

SRV - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/08/16 20:11:02 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120817.003\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/08/16 20:11:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/08/16 20:11:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/08/16 20:11:02 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120817.003\NAVENG.SYS -- (NAVENG)

DRV - [2012/06/14 19:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120722.001\IDSvix86.sys -- (IDSVix86)

DRV - [2011/10/11 18:00:29 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\cchpx86.sys -- (ccHP)

DRV - [2011/09/22 01:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symtdi.sys -- (SYMTDI)

DRV - [2011/09/22 01:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symfw.sys -- (SYMFW)

DRV - [2011/09/22 01:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symndisv.sys -- (SYMNDISV)

DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV - [2010/03/16 21:15:18 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2010/01/20 22:03:39 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\SymEFA.sys -- (SymEFA)

DRV - [2010/01/20 22:03:39 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtsp.sys -- (SRTSP)

DRV - [2010/01/20 22:03:39 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)

DRV - [2010/01/20 22:03:39 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtspx.sys -- (SRTSPX)

DRV - [2010/01/20 22:03:28 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV - [2009/01/20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/01/15 11:13:00 | 007,543,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/12/20 08:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/09/24 17:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)

DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb

IE - HKLM\..\SearchScopes,DefaultScope = {025691BC-FC8A-4AB2-96A1-7111A3722E0D}

IE - HKLM\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKLM\..\SearchScopes\{862D96F9-09F3-41FE-9635-F1FB35E4105F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKLM\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/9134

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}

IE - HKCU\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKCU\..\SearchScopes\{862D96F9-09F3-41FE-9635-F1FB35E4105F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb

IE - HKCU\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>;127.0.0.1:9421;

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jake\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 17:49:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/29 02:01:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 22:25:12 | 000,000,000 | ---D | M]

[2010/03/15 21:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Extensions

[2012/05/24 17:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions

[2010/07/22 17:40:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/05/24 17:46:16 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

[2012/08/17 19:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/19 21:37:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/06 20:51:27 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/10/06 20:51:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/10/06 20:51:27 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/10/06 20:51:27 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/10/06 20:51:27 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.mail.ru/cnt/9134

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jake\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/08/17 19:10:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKCU..\Run: [DrvUpdater] C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe ()

O4 - HKCU..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)

O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68EABCD3-3D92-4742-B663-6362B9F46391}: NameServer = 192.168.16.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2C81628-7F6B-4DB2-B422-AADEB932A76C}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 19:18:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/17 19:07:33 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\temp

[2012/08/17 18:46:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/17 18:46:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/17 18:46:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/17 18:46:13 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/08/17 18:44:14 | 004,733,838 | R--- | C] (Swearware) -- C:\Users\Jake\Desktop\ComboFix.exe

[2012/08/17 14:15:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/17 14:14:05 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/17 10:53:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/08/15 00:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 21:55:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 21:55:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 21:55:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/17 19:56:44 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/17 19:56:39 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012/08/17 19:55:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/17 19:54:26 | 3184,488,448 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/17 19:10:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/08/17 18:44:26 | 004,733,838 | R--- | M] (Swearware) -- C:\Users\Jake\Desktop\ComboFix.exe

[2012/08/17 13:16:16 | 000,000,216 | ---- | M] () -- C:\Users\Jake\Desktop\Awesomenauts.url

[2012/08/17 11:02:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJake.job

[2012/08/17 10:55:21 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012/08/17 10:52:46 | 242,813,380 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/08/16 09:25:51 | 000,008,268 | ---- | M] () -- C:\Users\Jake\AppData\Local\d3d9caps.dat

[2012/07/23 19:40:46 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jake.job

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 18:46:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/17 18:46:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/17 18:46:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/17 18:46:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/17 18:46:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/17 10:52:46 | 242,813,380 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/08/16 22:26:09 | 3184,488,448 | -HS- | C] () -- C:\hiberfil.sys

[2012/08/11 18:59:29 | 000,000,216 | ---- | C] () -- C:\Users\Jake\Desktop\Awesomenauts.url

[2011/12/12 20:51:33 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin

[2010/09/24 18:25:20 | 000,177,904 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010/08/21 16:28:10 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/06/07 12:11:44 | 000,004,096 | -H-- | C] () -- C:\Users\Jake\AppData\Local\keyfile3.drm

[2010/03/26 11:44:39 | 000,014,336 | ---- | C] () -- C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/25 19:51:10 | 000,008,268 | ---- | C] () -- C:\Users\Jake\AppData\Local\d3d9caps.dat

[2010/03/17 16:38:18 | 000,003,362 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\wklnhst.dat

[2009/07/20 11:12:49 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/07/20 11:01:31 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini

[2009/07/20 10:57:51 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== LOP Check ==========

[2011/01/05 01:34:48 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/08/17 19:51:21 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\DRPSu

[2010/03/25 01:44:35 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Facebook

[2012/06/24 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\FixZeroAccess

[2010/06/15 13:45:49 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient

[2012/06/07 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient2

[2012/03/28 22:07:26 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Might & Magic Heroes VI

[2010/09/26 19:28:33 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\muvee Technologies

[2011/01/03 17:58:14 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Serif

[2012/08/17 19:51:22 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Spotify

[2010/03/17 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Template

[2011/05/20 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\The Creative Assembly

[2010/07/05 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\WildTangent

[2012/08/17 19:50:32 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: SERVICES >

[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services

[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.AIP >

[2010/04/07 21:47:20 | 000,132,544 | ---- | M] (Adobe Systems Incorporated) MD5=3E69B3D98D1B184EA96CFBC18CE07CA5 -- C:\Program Files\Adobe\Adobe Illustrator CS5\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.EXE >

[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe

[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe

[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui

[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.EXE.VIR >

[2009/04/11 07:27:59 | 000,282,624 | ---- | M] () Unable to obtain MD5 -- C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir

< MD5 for: SERVICES.LNK >

[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >

[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof

[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof

[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >

[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc

[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc

[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc

[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Jake\Desktop\re up finding nemo.avi:TOC.WMV

< End of report >

Thanks

[aliB]

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

ESET Online Scanner

1. Click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
   
2. Click the button.
   
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. 
      
   2. Click on to download the ESET Smart Installer. Save it to your desktop.
      
   3. Double click on the icon on your desktop.
      
   4. Check
      
   5. Click the button.
      
   6. Accept any security warnings from your browser.
      
   7. Check
      
   8. Push the Start button.
      
   9. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
      
   10. When the scan completes, push
       
   11. Push , and save the file to your desktop using a unique name, such as
       ESETScan. Include the contents of this report in your next reply.
       
   12. Push the button.
       
   13. Push
       
       Things i would like to see in your reply:
       • Malwarebytes Results.
         
       • Eset scanner report.
         
       • Update on how your computer is running

[Jake1988]

HI

My computer is running better than before. I no longer have the startup or antivirus software problems.

Eset scanner did not find any threats.

Mal Log

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.18.02

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Jake :: OLDGREGG [administrator]

Protection: Enabled

21/08/2012 13:16:27

mbam-log-2012-08-21 (13-16-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196934

Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Sorry about the wait. It took me ages to do the scan!

[aliB]

hi

Congratulations your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:

• Click START then RUN
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

NEXT

• Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  
• Click on the CleanUp button.
  
• Click Yes to begin the cleanup process and remove tools, including this application
  
• You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

• Keep Your windows up to date by regularly checking their website at:
  http://windowsupdate.microsoft.com/
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
• Make Internet Explorer more secure
  • Click Start > Run
    
  • Type Inetcpl.cpl & click OK
    
  • Click on the Security tab
    
  • Click Reset all zones to default level
    
  • Make sure the Internet Zone is selected & Click Custom level
    
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

  Here

  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

  • NoScript - for blocking ads and other potential website attacks
    
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
    

  [*]Click Here to learn how to keep a backup of your important files

  [*]FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

Stay safe :wave:

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!