"Vista Antispyware 2010" Aftermath

[samcham]

I got an infection of the "Vista Antispyware 2010" malware. Norton 360 detected it and attempted to remove it.

Afterward, I cannot open programs. I get "Application not found" dialog boxes when I try to open Internet Explorer, Firefox, iTunes. When I try to open Microsoft Word 2003 (c:\Progrma Files\Microsoft Office\OFFICE11\WINWORD.EXE), I get a dialog that says, "This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel."

I don't know whether this is a continuing infection, an artifact left behind by the infection, or something that Norton 360 caused. Either way, my system is now completely unusable. I contacted Symantec, and they want $160 to diagnose and repair my system.

The "av.exe" process is not present in Task Manager.

I cannot run Hijack This. When I try to run it from a flash drive, I get an "Open With" dialog, showing Internet Explorer as the recommended program. Obviously, that's not right.

Can anyone shed any light on what might have happened to my system?

[deltalima]

Hi samcham,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  
• The fixes are specific to your problem and should only be used for this issue on this machine.
  
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  
• If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  
• It's often worth reading through these instructions and printing them for ease of reference.
  
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  
• Please reply to this thread. Do not start a new topic.
  

[deltalima]

Hi samcham,

You will need to use a different computer than the infected one to download the following tool and then copy it using a CD or USB pen drive to the computer with the problem.

Run exeHelper

Click here to download exeHelper by raktor and save it to your desktop.

• Double-click on exeHelper.com to run the tool.
  
• A black window should pop up, press any key to close once the fix is completed.
  
• A log named exehelperlog.txt should open afterward. If it does not, find the log in the same place exeHelper resides.
  
• Post the contents of exehelperlog.txt in your next reply.
  
• Note: If the window shows a message that says "Error deleting file", please run exeHelper again and then post the log.
  

Please now try to run HijackThis and if successful post the log in your next reply.

[samcham]

Hi samcham,

You will need to use a different computer than the infected one to download the following tool and then copy it using a CD or USB pen drive to the computer with the problem.

Run exeHelper

Click here to download exeHelper by raktor and save it to your desktop.

• Double-click on exeHelper.com to run the tool.
  
• A black window should pop up, press any key to close once the fix is completed.
  
• A log named exehelperlog.txt should open afterward. If it does not, find the log in the same place exeHelper resides.
  
• Post the contents of exehelperlog.txt in your next reply.
  
• Note: If the window shows a message that says "Error deleting file", please run exeHelper again and then post the log.
  

Please now try to run HijackThis and if successful post the log in your next reply.

Deltalima:

Thanks for the reply. When I try to download exehelper.com, there are two problems. First, I cannot save the file. I get an error message saying "Error copying file or folder: Cannot copy exeHelper.com: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

Second, Norton is identifying the file as a trojan, and automatically putting the file in quarantine.

Please advise.

Thanks again.

[deltalima]

Hi samcham,

Cannot copy exeHelper.com: Access is denied

That error is due to Norton misidentifying the tool as a Trojan, one option would be to temporarily disable Norton so that the tool can be downloaded.

Alternatively please use another computer to download FixExe.reg and copy it to a flash drive.

Now move the drive to the infected computer and open the drive that corresponds to the removable media that you copied the program onto. Once open, double-click on the FixExe.reg file. When Windows prompts whether or not you want to allow the data to be added to your computer, click on the Yes button.

Please now try to run HijackThis and if successful post the log in your next reply.

[samcham]

I disabled Norton and was able to run exeHelper.

exeHelper log file contents:

exeHelper by Raktor
Build 20091220
Run at 17:52:03 on 03/05/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I'll run HijackThis and post the results shortly.

[samcham]

Hi samcham,

That error is due to Norton misidentifying the tool as a Trojan, one option would be to temporarily disable Norton so that the tool can be downloaded.

Alternatively please use another computer to download FixExe.reg and copy it to a flash drive.

Now move the drive to the infected computer and open the drive that corresponds to the removable media that you copied the program onto. Once open, double-click on the FixExe.reg file. When Windows prompts whether or not you want to allow the data to be added to your computer, click on the Yes button.

Please now try to run HijackThis and if successful post the log in your next reply.

I am still unable to run HijackThis. I get an "Open With" dialog, recommending using Internet Explorer to open the file.

In other words, exeHelper had no effect.

I am going to be out of town for the next 2 days, and unable to access either computer. Please post any other ideas you have, and I'll check back here Sunday evening.

Thanks!

[deltalima]

Hi samcham,

I am still unable to run HijackThis. I get an "Open With" dialog

OK, now please try the alternative method using FixExe.reg from my previous post and then run a HijackThis scan and post the log back here.

[samcham]

I ran the other tool, and was able to run HijackThis!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:35 PM, on 3/5/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?shva=1#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.line6.net
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10306 bytes

I will check back on Sunday when I return.

Thanks!

[deltalima]

Hi samcham,

Please Note:

The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file & selecting: Run as Administrator.

Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.

When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Right click on OTL.exe and select Run as Administrator.
  
• Under Output, ensure that Minimal Output is selected.
  
• Under Extra Registry section, select Use SafeList.
  
• Click the Scan All Users checkbox.
  
• Click on Run Scan at the top left hand corner.
  
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened
    
  • Extras.txt <-- Will be minimized
    

  [*]Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.

• Right click the .exe file and select Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  
• If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  
• Run Gmer again and click on the Rootkit tab.
  
• Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  
• Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  
• Click on the "Scan" and wait for the scan to finish.
  Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  
• When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  
• Note: If you have any problems, try running GMER in SAFE MODE
  

Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

.

[samcham]

Thanks, deltalima. Per your instructions...

OTL.txt:

OTL logfile created on: 3/7/2010 7:39:19 PM - Run 1
OTL by OldTimer - Version 3.1.35.0	 Folder = C:\Users\Sam Chambers\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 66.07 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.78 Gb Free Space | 17.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMCHAMBERS-COM
Current User Name: Sam Chambers
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Sam Chambers\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Sam Chambers\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msi.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msiltcfg.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100305.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100305.004\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (L6PODX3LV) -- C:\Windows\System32\drivers\L6PODX3LV.sys (Line 6)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (TIEHDUSB) -- C:\Windows\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?shva=1#inbox
IE - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/07 19:32:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/05 08:09:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/04 21:09:34 | 000,000,000 | ---D | M]

[2009/07/26 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\Sam Chambers\AppData\Roaming\Mozilla\Extensions
[2010/02/27 19:26:43 | 000,000,000 | ---D | M] -- C:\Users\Sam Chambers\AppData\Roaming\Mozilla\Firefox\Profiles\tgu84gh2.default\extensions
[2009/08/30 13:09:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sam Chambers\AppData\Roaming\Mozilla\Firefox\Profiles\tgu84gh2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 19:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/30 12:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	   localhost
O1 - Hosts: ::1			 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3294211691-668111062-4179659421-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3294211691-668111062-4179659421-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22266734-816a-11de-b7b3-001f167fdef8}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{7e239f6a-85f9-11de-ab79-001f167fdef8}\Shell - "" = AutoRun
O33 - MountPoints2\{7e239f6a-85f9-11de-ab79-001f167fdef8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/03/07 19:36:59 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Users\Sam Chambers\Desktop\OTL.exe
[2010/03/04 20:02:33 | 000,000,000 | ---D | C] -- C:\Users\Sam Chambers\AppData\Local\Threat Expert
[2010/03/04 19:53:58 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/03/04 19:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/04 19:02:01 | 000,000,000 | ---D | C] -- C:\Users\Sam Chambers\AppData\Roaming\AVS4YOU
[2010/03/04 18:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/03/04 18:57:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010/03/04 18:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/03/04 18:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/03/04 18:43:06 | 000,000,000 | ---D | C] -- C:\Users\Sam Chambers\Documents\Any DVD Converter Professional
[2010/03/04 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\Sam Chambers\AppData\Roaming\AnvSoft
[2010/03/04 18:37:12 | 000,000,000 | ---D | C] -- C:\Users\Sam Chambers\Documents\DVDVideoSoft
[2010/03/04 18:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/03/03 21:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/03/03 19:09:16 | 000,000,000 | ---D | C] -- C:\Users\Sam Chambers\AppData\Roaming\FreeVideoConverter
[2010/03/03 17:49:32 | 000,000,000 | ---D | C] -- C:\Users\Sam Chambers\AppData\Roaming\Regensoft
[2010/03/02 23:29:53 | 000,000,000 | ---D | C] -- C:\Users\Sam Chambers\AppData\Local\Geckofx
[2010/02/24 20:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/02/24 20:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/02/23 19:34:04 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 19:33:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 19:32:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 19:32:02 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 19:32:02 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 19:32:01 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 19:32:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 19:32:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 19:32:01 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 19:32:01 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 19:32:01 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 19:31:49 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/23 19:31:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/23 19:31:47 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/20 15:13:09 | 000,000,000 | ---D | C] -- C:\EOrganizer
[2010/02/09 19:30:14 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 19:30:14 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 19:29:58 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 19:29:55 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 19:29:55 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/09 19:29:54 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/03/07 19:42:21 | 002,097,152 | -HS- | M] () -- C:\Users\Sam Chambers\NTUSER.DAT
[2010/03/07 19:39:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BE73111E-9AD5-4719-A678-73CB211C61A2}.job
[2010/03/07 19:37:39 | 000,293,376 | ---- | M] () -- C:\Users\Sam Chambers\Desktop\ptw8m6nl.exe
[2010/03/07 19:37:07 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Sam Chambers\Desktop\OTL.exe
[2010/03/07 19:34:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/07 19:32:54 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/03/07 19:32:23 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D6BE9152-BB37-4FE0-AE1D-1D192C3D7D5F}.job
[2010/03/07 19:31:59 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/07 19:31:58 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/07 19:31:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/07 19:31:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/07 19:31:18 | 000,042,904 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/07 19:31:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/07 19:31:01 | 2951,118,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/05 18:27:51 | 000,524,288 | -HS- | M] () -- C:\Users\Sam Chambers\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/05 18:27:51 | 000,065,536 | -HS- | M] () -- C:\Users\Sam Chambers\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/05 18:27:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/05 18:27:22 | 003,767,309 | -H-- | M] () -- C:\Users\Sam Chambers\AppData\Local\IconCache.db
[2010/03/04 20:15:45 | 000,007,992 | -HS- | M] () -- C:\Users\Sam Chambers\AppData\Local\24Q8P1Qh
[2010/03/04 20:13:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSam Chambers.job
[2010/03/03 21:42:21 | 000,147,840 | ---- | M] () -- C:\Users\Sam Chambers\Desktop\ScreenHunter_03 Mar. 03 21.42.gif
[2010/03/03 18:51:59 | 000,005,632 | ---- | M] () -- C:\Users\Sam Chambers\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 21:12:10 | 000,279,995 | ---- | M] () -- C:\Users\Sam Chambers\2009 Client copy for CHAMBERS (03-01-2010).pdf
[2010/03/01 11:09:53 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/01 11:09:53 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/01 11:09:53 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/26 19:40:04 | 000,042,904 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/24 06:26:52 | 000,112,616 | ---- | M] () -- C:\Users\Sam Chambers\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 01:10:52 | 000,404,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/14 16:08:44 | 000,194,560 | ---- | M] () -- C:\Users\Sam Chambers\Documents\Moving Cards 2.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/03/07 19:37:36 | 000,293,376 | ---- | C] () -- C:\Users\Sam Chambers\Desktop\ptw8m6nl.exe
[2010/03/04 20:12:52 | 2951,118,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/04 19:53:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/03/04 19:38:30 | 000,007,992 | -HS- | C] () -- C:\Users\Sam Chambers\AppData\Local\24Q8P1Qh
[2010/03/03 21:42:21 | 000,147,840 | ---- | C] () -- C:\Users\Sam Chambers\Desktop\ScreenHunter_03 Mar. 03 21.42.gif
[2010/03/01 21:12:09 | 000,279,995 | ---- | C] () -- C:\Users\Sam Chambers\2009 Client copy for CHAMBERS (03-01-2010).pdf
[2010/02/14 15:21:44 | 000,194,560 | ---- | C] () -- C:\Users\Sam Chambers\Documents\Moving Cards 2.doc
[2009/11/08 14:42:49 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2009/10/20 20:08:11 | 000,006,190 | ---- | C] () -- C:\Windows\hplj3380.ini
[2009/09/17 20:40:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/08 21:08:54 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/08/10 20:11:57 | 000,005,632 | ---- | C] () -- C:\Users\Sam Chambers\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 19:49:46 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/08/09 21:40:48 | 000,042,904 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/09 21:40:22 | 000,042,904 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/05 07:00:16 | 000,000,680 | ---- | C] () -- C:\Users\Sam Chambers\AppData\Local\d3d9caps.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/30 20:13:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/26 22:55:12 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/07/26 20:05:08 | 000,000,000 | ---- | C] () -- C:\Users\Sam Chambers\AppData\Local\QSwitch.txt
[2009/07/26 20:05:08 | 000,000,000 | ---- | C] () -- C:\Users\Sam Chambers\AppData\Local\DSwitch.txt
[2009/07/26 20:05:08 | 000,000,000 | ---- | C] () -- C:\Users\Sam Chambers\AppData\Local\AtStart.txt
[2009/05/14 14:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/05/12 12:15:04 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/05/12 12:14:54 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/05/12 12:14:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/05/12 12:13:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/05/12 12:11:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/05/12 12:11:47 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/04/20 07:27:52 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/20 07:21:52 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/20 07:19:51 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/20 07:18:27 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/01/25 16:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 18:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/03/28 01:26:36 | 000,415,232 | ---- | C] () -- C:\Windows\System32\Sparkle.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >

Extras.txt:

OTL Extras logfile created on: 3/7/2010 7:39:19 PM - Run 1
OTL by OldTimer - Version 3.1.35.0	 Folder = C:\Users\Sam Chambers\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 66.07 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.78 Gb Free Space | 17.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMCHAMBERS-COM
Current User Name: Sam Chambers
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3294211691-668111062-4179659421-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D293D2-FCD2-43ED-A3F4-13897F73D9EB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{089C95E6-4BFC-4A7B-81D1-1FD1229CBD86}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{12B1670B-BA83-4F28-AA17-00349E6F03D1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{16D48B44-4A31-4A81-8921-C1413512C623}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1CFABB91-D3AA-4633-A5FE-60732BA3C9D2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2267D65E-D619-45EF-8ED3-BB094A0855B6}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service | 
"{290CEE41-AF6E-4018-A39B-9A60202DC980}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2B41F392-E4D8-498E-8F24-83AE7EED648F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2E041FAD-83D7-42C8-806E-94AC7A2BC989}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{3646A19F-3759-4776-807B-00DB766D1ED3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{3C6E8EA5-D063-4587-9ADF-DD0EF31ADE07}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4470B9B8-D561-4974-898F-CD6FD6010EEF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4998BA1E-185C-46D0-8D91-ED01F20348B4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{57E5ECD7-F597-4330-BE3A-C6850A7B392D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5BB8BA95-0E7F-4D51-9577-4255D46A012A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5C3F9B5F-28E1-4BAF-872F-A98535D6EEBE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{5D282531-1E51-43C0-960D-C230CBBA54ED}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{67D61821-BCA1-452C-932C-764D05AF7719}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{68581BF3-1370-49EE-A5FF-9778DA13709D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6AAB5B74-CD0E-4AD7-8364-1FA444564B27}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7AE25235-224C-437E-971F-2FAA781A6C63}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{7E236974-E11C-49C5-9CE4-2FDE4F38FD74}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8743E838-65E9-4D37-A2C8-4599882BC807}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8A5EA23E-775B-4319-A8EC-7DDA05C1CC48}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9172F98E-0A56-47FF-81A5-70A92510CF7E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9406E634-08D0-4938-98EC-E49673CA14D6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A08F363B-AD1E-46CF-9FA6-F934A650D8A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A233A969-C736-4B33-B3D9-30828C28198A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{AD98EFB8-5DDD-414D-A81E-A7F17F031445}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AFF14E6C-EC3E-4231-A1EB-2E13D4920D42}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B34B81CE-CF52-4715-BF1C-1CB8D44ACB2C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{BBFA9006-5346-4B66-AFCA-BC15FABB89D5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BFE09F93-9909-4D60-BC13-C94AF8CC1EE5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{C080C66A-0677-4D49-AB05-81BE69C120D8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C550C579-A8AD-4AB7-A827-6E477DCC8DBB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{D154E18E-118E-4D24-9EE8-CEC6320B246E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D3D12BE4-867D-46D0-AB86-29EC95723ED0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{D890D1EF-7C29-42BA-99A1-95D94D2D97A8}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{E15DA6C6-43FF-4A4D-B808-4CAEB362C71F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{E2E1C635-30FF-4FCB-B071-A0374F9011D9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED0263D2-0DD7-4B4F-9A36-AB56CFA287F6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FA0048B7-23CF-4996-BDC2-6DFB1588DB6F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA9193-7808-4810-8E22-40C719FE2A02}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0A7A8578-E077-445C-8D74-DE94FFABC075}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0E7B47E9-96C6-412B-8838-2D217F3808B9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0EC9A068-FC37-4F3D-BF6D-FE0B0493C9F5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{18E1F718-611B-4678-A4D5-FBA5E737B2B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{26AB0BA0-B311-46DE-8560-A2B1269926C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2F2D020B-0D71-4986-9B2B-9D3234EF8BBD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{343D04F6-81EF-4C11-9C60-A30C47125364}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3524D459-D673-4C8A-8B94-81CA3C859999}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{352F3D1F-0ED5-4F23-B5A3-75B7B2E4FB99}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3885B2D6-D271-4C85-8297-F435085B3F34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{40EF2D8F-DE6F-4A3C-90EA-4041DCD997BC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{44E14647-BB65-4AD9-9C10-51517CF6B4A8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4B252172-3DD1-49EC-B945-E9517E58CF4B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4B7BF50B-CBBC-46EA-BE9C-2F64BEE27907}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{518E3A7C-FBDA-44C2-83A4-D03A1E6D3291}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{59F4799C-CF80-4B0F-B6C1-6161CBD9D2C1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5D24B1EA-21FA-44E2-86E6-1BCF46DC0F2D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5E37CC4F-BE4B-4DB7-ACF5-5EC79785A427}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{66D2B604-5C55-4528-BDEE-6C8515698DF7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6D13DA6B-4374-47AE-807B-5B949FA9DF60}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{6D4987CB-968C-440E-A8A9-997EE0E46D11}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{719A3F4F-171A-48A2-B028-D1FD400C409E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{73682500-AC67-4550-8C96-07E55AFC7829}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{78844DE3-7ADA-407F-884A-BD4733FFF219}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7FF04C62-5758-49CF-85C4-B8A37D9E3ED2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{80A92347-00CA-4218-AFC5-D96D2BB30E88}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{864BD865-C145-4192-885C-D376B89AE7C1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8C807156-5FE5-4237-9A05-412826951EB3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A4562598-49F5-46C4-A15E-CD766ACC5E57}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A7503238-3AB0-49A0-8DC6-CF6152AB3C9A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A827A266-D16F-4BD3-AD69-4EB6D6BA696E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A83BD373-CADB-4239-89CF-D97A4D582EAB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A915242C-E590-42FB-8585-29AE7A7F1FB8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{AB655EDD-1F95-4283-9F07-0F60006695C1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B6B13725-2904-46F6-ABF9-6C51E60C4E7C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BBC5E16A-07E9-44BC-907D-4EF48E49C4C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C6C3EF6B-4C50-4C22-94A2-81FA2AE9DF1D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C8CC8677-430C-482F-90D1-CE4FC7263280}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CE92C198-6F09-4760-BD03-462F11565044}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D24DEB7B-D523-474D-A8E9-22CC34FBF70E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D9D49EAC-7835-4DDD-95BA-CE928F764F6A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DC5BFC85-0E82-4DA2-8BF3-EDF21B40F1AF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E516D3F5-7A0F-4F0E-9396-4D405D12379A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E8D2A093-A5DA-4A9D-B6C1-8E1D1266D2D6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EA887EAF-ACB9-4A0B-83B1-073DFF04471E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EE18D2DA-FEF2-4625-9449-938963390C36}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EED59F82-F238-4260-AB51-DA393F916824}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{EF261AC9-6D42-48FC-9934-B9A464EC5994}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F22664F8-B46C-4CE4-8E34-E70F88841829}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F6D35285-A7D4-4FDA-A638-22C9CCB4FE8A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F83C163B-3E7D-48B0-A5BB-62D438C0EC3F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FA8D0D0F-91B9-408E-AB4B-E0F5E7E8F480}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{087D7A3A-9A2E-494B-A9B1-89EC337D0E4D}" = Wisdom-soft AutoScreenRecorder 3.1 Free
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66F28964-CE41-459A-A4FF-A6BBD1374282}" = Wisdom-soft ScreenHunter 5.1 Free
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Effect Maker Free Edition_is1" = Advanced Effect Maker Free Edition Version 2 (With VAC 2.0 B1)
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Canon MP160 User Registration" = Canon MP160 User Registration
"CanonMyPrinter" = Canon My Printer
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"SafeWallet" = SBSH SafeWallet Pro for iPhone and iPod Touch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Videora iPod Converter" = Videora iPod Converter 5.04
"VobSub" = VobSub v2.23 (Remove Only)
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"YouTube Downloader App" = YouTube Downloader App 2.03

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 3/4/2010 9:38:11 PM | Computer Name = SamChambers-Com | Source = WinMgmt | ID = 10
Description = 

Error - 3/4/2010 9:47:51 PM | Computer Name = SamChambers-Com | Source = Application Hang | ID = 1002
Description = The program Power2Go.exe version 6.0.0.2202 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 770  Start Time: 01cabc0568fa984b  Termination Time: 70

Error - 3/4/2010 10:05:44 PM | Computer Name = SamChambers-Com | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 

Error - 3/4/2010 10:11:22 PM | Computer Name = SamChambers-Com | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\CyberLink\DVD
 Suite\PowerStarter.exe.Manifest".  Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 3/4/2010 10:11:22 PM | Computer Name = SamChambers-Com | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\CyberLink\DVD
 Suite\PowerStarter.exe.Manifest".  Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 3/4/2010 10:11:39 PM | Computer Name = SamChambers-Com | Source = WinMgmt | ID = 10
Description = 

Error - 3/4/2010 11:26:00 PM | Computer Name = SamChambers-Com | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 

Error - 3/4/2010 11:35:13 PM | Computer Name = SamChambers-Com | Source = WinMgmt | ID = 10
Description = 

Error - 3/5/2010 2:47:43 AM | Computer Name = SamChambers-Com | Source = WinMgmt | ID = 10
Description = 

Error - 3/5/2010 2:56:42 AM | Computer Name = SamChambers-Com | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 

[ System Events ]
Error - 2/5/2010 9:06:26 AM | Computer Name = SamChambers-Com | Source = Service Control Manager | ID = 7031
Description = 

Error - 2/6/2010 5:49:17 PM | Computer Name = SamChambers-Com | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
 address 00242C75A602 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).

Error - 2/10/2010 4:23:23 AM | Computer Name = SamChambers-Com | Source = Service Control Manager | ID = 7000
Description = 

Error - 2/10/2010 7:25:00 PM | Computer Name = SamChambers-Com | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
 with the system  having network hardware address 00-21-00-DA-CE-7F. Network operations
 on this system may  be disrupted as a result.

Error - 2/13/2010 2:07:28 AM | Computer Name = SamChambers-Com | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:29:56 AM on 2/11/2010 was unexpected.

Error - 2/13/2010 2:08:39 AM | Computer Name = SamChambers-Com | Source = Service Control Manager | ID = 7000
Description = 

Error - 2/13/2010 12:33:22 PM | Computer Name = SamChambers-Com | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00242C75A602 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).

Error - 2/19/2010 8:48:03 AM | Computer Name = SamChambers-Com | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00242C75A602 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).

Error - 2/22/2010 9:57:45 PM | Computer Name = SamChambers-Com | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
 address 00242C75A602 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).

Error - 2/24/2010 1:55:19 AM | Computer Name = SamChambers-Com | Source = Service Control Manager | ID = 7000
Description = 


< End of report >

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-07 20:46:50
Windows 6.0.6002 Service Pack 2
Running: ptw8m6nl.exe; Driver: C:\Users\SAMCHA~1\AppData\Local\Temp\awairuoc.sys


---- System - GMER 1.0.15 ----

SSDT			877AD718																							 ZwAlertResumeThread
SSDT			877ADAC0																							 ZwAlertThread
SSDT			87F29CA0																							 ZwAllocateVirtualMemory
SSDT			8771A238																							 ZwAlpcConnectPort
SSDT			877EFB40																							 ZwAssignProcessToJobObject
SSDT			877AD280																							 ZwCreateMutant
SSDT			877EF860																							 ZwCreateSymbolicLinkObject
SSDT			87C9AE50																							 ZwCreateThread
SSDT			877EFC20																							 ZwDebugActiveProcess
SSDT			878640E0																							 ZwDuplicateObject
SSDT			87F29AC0																							 ZwFreeVirtualMemory
SSDT			877AD370																							 ZwImpersonateAnonymousToken
SSDT			877AD450																							 ZwImpersonateThread
SSDT			876EA760																							 ZwLoadDriver
SSDT			87833548																							 ZwMapViewOfSection
SSDT			877EF008																							 ZwOpenEvent
SSDT			878642C0																							 ZwOpenProcess
SSDT			87F29D70																							 ZwOpenProcessToken
SSDT			877EFE48																							 ZwOpenSection
SSDT			878641D0																							 ZwOpenThread
SSDT			877EFA50																							 ZwProtectVirtualMemory
SSDT			877B0330																							 ZwResumeThread
SSDT			87833298																							 ZwSetContextThread
SSDT			87833378																							 ZwSetInformationProcess
SSDT			877EFD00																							 ZwSetSystemInformation
SSDT			877EFF28																							 ZwSuspendProcess
SSDT			877ADBA0																							 ZwSuspendThread
SSDT			882BA138																							 ZwTerminateProcess
SSDT			877ADF28																							 ZwTerminateThread
SSDT			87833468																							 ZwUnmapViewOfSection
SSDT			87F29BB0																							 ZwWriteVirtualMemory
SSDT			877EF950																							 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text		   ntkrnlpa.exe!KeSetEvent + 11D																		81EE4880 8 Bytes  [18, D7, 7A, 87, C0, DA, 7A, ...]
.text		   ntkrnlpa.exe!KeSetEvent + 131																		81EE4894 4 Bytes  [A0, 9C, F2, 87]
.text		   ntkrnlpa.exe!KeSetEvent + 13D																		81EE48A0 4 Bytes  [38, A2, 71, 87]
.text		   ntkrnlpa.exe!KeSetEvent + 191																		81EE48F4 4 Bytes  [40, FB, 7E, 87] {INC EAX; STI; JLE 0xffffffffffffff8b}
.text		   ntkrnlpa.exe!KeSetEvent + 1F5																		81EE4958 4 Bytes  [80, D2, 7A, 87]
.text		   ...																								  
.text		   C:\Windows\system32\DRIVERS\nvlddmkm.sys															 section is writeable [0x8E608340, 0x3EA427, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]				[73E97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]				 [73EEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]			 [73E9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]	   [73E8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]				 [73E975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]			  [73E8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73EC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]	 [73E9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]			 [73E8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]			  [73E8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]			   [73E871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]	   [73F1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]		  [73EBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]			 [73E8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]					   [73E86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]					  [73E8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]		 [73E92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396
ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[3016] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free]					  [696CF3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0															  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1															  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp																			  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp																			  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\RawIp																			SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Thanks!

[deltalima]

Hi samcham,

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Run Malwarebytes Anti-Malware Scan

• Please run Malwarebytes Anti-Malware and Update
  
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. Please post that log in your next reply.
  

The log can also be found here:

1. Launch Malwarebytes' Anti-Malware
   
2. Click on the Logs radio tab.
   

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

• Please go Here then click on:

  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
  
• When prompted allow the Add-On/Active X to install.
  
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  
• Now click on Advanced Settings and select the following:
  

• • Scan for potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth Technology
    

[*]Now click on:

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on:

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Please post the log from ESET and the log from Malwarebytes in your next reply.

[samcham]

Deltalima:

HijackThis did find the registry key you specified. I had HijackThis delete it.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3835
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/8/2010 6:39:54 AM
mbam-log-2010-03-08 (06-39-54).txt

Scan type: Quick Scan
Objects scanned: 116657
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2880604710458c49963d63c7b4bc8d0f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-08 02:11:09
# local_time=2010-03-08 09:11:09 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777213 100 100 140332 12679179 0 0
# compatibility_mode=5892 16776574 100 100 12762121 104656716 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=173385
# found=0
# cleaned=0
# scan_time=8325

Thanks!

[deltalima]

Hi samcham,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Remove GMER

Delete the GMER icon from your desktop, it will be named ptw8m6nl.exe

Clean up with OTL

• Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  
• Close all other programs apart from OTL as this step will require a reboot
  
• On the OTL main screen, press the CleanUp! button
  
• Say Yes to the prompt and then allow the program to reboot your computer.
  

Create a new, clean System Restore point which you can use in case of future system problems:

• Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  
• Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  
• Now remove old, infected System Restore points:
  
• Next click Start >> Run and type cleanmgr in the box and press OK
  
• Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  
• Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  
• Press OK and Yes to confirm
  

Update your AntiVirus Software and keep your other programs up-to-date

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Secunia Software Inspector

F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software
  

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

[samcham]

Thank You so much for your help. I could not have recovered my system on my own, and you saved me from having to reformat my hard drive and re-installing everything!!