Rogue Anti-Virus Infection

Robertodole · July 5, 2010

When I click on google links, I am told that I have been infected, and I am redirected to a site with what looks like an animated .gif counting the number of infections found on my machine. Ran a full Norton scan as well as a full malwarebytes scan, Norton found 21 threats but not this one, and malwarebytes found nothing. GMER also found nothing, and it put out a blank .txt file for ark.txt, so I didnt include that logfile. Logs are below, and attach.txt is attached.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4279

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/5/2010 2:26:53 PM

mbam-log-2010-07-05 (14-26-53).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 339524

Time elapsed: 52 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS:

DDS (Ver_10-03-17.01) - NTFSX64

Run by Mark Dziubek at 14:40:07.44 on Mon 07/05/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1948 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\SPLASH.SYS\config\DVMExportService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Windows\System32\StikyNot.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Mark Dziubek\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = Preserve

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files (x86)\aim toolbar\aimtb.dll

mWinlogon: Userinit=userinit.exe

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\4.2.0.12\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files (x86)\aim toolbar\aimtb.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files (x86)\aim toolbar\aimtb.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\4.2.0.12\coIEPlg.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [Aim] "c:\program files (x86)\aim\aim.exe" /d locale=en-US

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

mRun: [HPCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"

mRun: [QlbCtrl.exe] c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [sSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files (x86)\scansoft\omnipagese4\OpwareSE4.exe"

mRun: [iObit Security 360] "c:\program files (x86)\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [igfxTray] c:\windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe

mRun-x64: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [smartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background

mRun-x64: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun-x64: [CanonSolutionMenu] c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe /logon

mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun-x64: [WrtMon.exe] c:\windows\system32\spool\drivers\x64\3\WrtMon.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\markdz~1\appdata\roaming\mozilla\firefox\profiles\zg6suy16.default\

FF - prefs.js: browser.search.selectedEngine - AIM Search

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files (x86)\musicnotes\npmusicn.dll

FF - plugin: c:\program files (x86)\musicnotes\NPSibelius.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\default\appdata\local\huludesktop\instances\0.9.10.1\nphdplg.dll

FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\users\mark dziubek\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\users\mark dziubek\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\users\mark dziubek\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\users\mark dziubek\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\users\mark dziubek\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\users\mark dziubek\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\users\mark dziubek\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\users\mark dziubek\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\users\mark dziubek\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0402000.00c\symds64.sys [2010-5-25 433200]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0402000.00c\symefa64.sys [2010-5-25 221232]

R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100619.001\BHDrvx64.sys [2010-6-23 942640]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0402000.00c\cchpx64.sys [2010-5-25 615040]

R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-9-27 21624]

R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100702.001\IDSviA64.sys [2010-7-4 463408]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0402000.00c\ironx64.sys [2010-5-25 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0402000.00c\symtdiv.sys [2010-5-25 451120]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-1-27 89600]

R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-8 323584]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 30520]

R2 IS360service;IS360service;c:\program files (x86)\iobit\iobit security 360\is360srv.exe [2010-3-1 311568]

R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-25 126392]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2010-1-27 2320920]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-12-5 228408]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-29 70656]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 132656]

R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-9-17 56344]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-12 151040]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-9-26 233984]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2010-1-27 200736]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-1-27 291328]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-27 232480]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-20 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-07-05 17:32:24 0 d-----w- c:\users\markdz~1\appdata\roaming\Malwarebytes

2010-07-05 17:32:11 0 d-----w- c:\programdata\Malwarebytes

2010-07-05 17:32:10 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-05 17:32:09 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-06-25 16:01:39 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-06-25 16:01:39 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-06-25 16:01:39 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-06-25 16:01:39 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-06-25 16:01:39 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-06-25 16:01:39 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-25 16:01:38 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-25 16:01:38 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-06-25 16:01:38 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-25 16:01:38 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 13:43:33 1736608 ----a-w- c:\windows\system32\ntdll.dll

2010-06-23 13:43:32 1289528 ----a-w- c:\windows\syswow64\ntdll.dll

2010-06-23 13:43:24 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-06-23 13:43:24 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-06-23 13:43:24 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-06-23 13:43:23 552960 ----a-w- c:\windows\system32\msdri.dll

2010-06-23 13:43:23 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-06-23 13:43:23 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-06-23 13:43:23 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-06-13 15:52:28 0 d-----w- c:\programdata\NOS

2010-06-11 02:00:46 84992 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-11 02:00:46 67584 ----a-w- c:\windows\syswow64\asycfilt.dll

2010-06-11 02:00:41 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-06-11 02:00:41 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-06-11 02:00:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-06-11 02:00:41 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-06-11 02:00:40 3122176 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-12 13:08:54 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF

2010-05-12 13:08:54 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT

2010-05-12 13:08:54 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2010-05-06 14:36:38 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-12 21:29:27 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-04-12 21:29:26 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-04-12 21:29:25 145184 ----a-w- c:\windows\syswow64\java.exe

2010-04-12 21:29:19 411368 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-04-08 17:33:00 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 17:33:00 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-04-08 17:20:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-04-08 17:20:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-03-02 08:23:45 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:40:43.15 ===============

MrCharlie · July 6, 2010

See post below, MrC

Robertodole · July 6, 2010

Hey MrCharlie, I was working with my dad to fix his computer, but I'm not sure I'll be able to now that he's gone to class. My mom is completely insane and doesnt believe that I'm seriously getting rid of viruses for whatever reason, but I should be able to help him again tomorrow or when he comes back from class, depending on if he successfully convinces my mom I'm not making up this infection. Also, my dad has run Norton and MBAM repeatedly since I posted this to try to get rid of the virus, and the google hijacking seems to have stopped, but I'll stll download and run combofix for you ASAP.

MrCharlie · July 6, 2010

OK, take your time...I'm always around, MrC

MrCharlie · July 7, 2010

Robertodole,

Your version of Windows is not compatible with ComboFix, so please don't run it.

Please do this instead....sorry for the mistake:

Please download OTL from one of the following mirrors:
- This is THE Mirror

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]Under the Custom Scan box paste this in

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

[*]Push the Quick Scan button.

[*]Two reports will open, copy and paste them in a reply here:

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

Robertodole · July 8, 2010

Apparently Staples has a tune-up service where they'll speed your computer up and scan it for viruses for free, however they'll charge for virus removal. My Dad brought his laptop to the tune-up service and if they find anything then we'll run OTL as you instructed, but i could also give you a copy of their logs if you'd prefer. As of right now, the computer is still at Staples, though.

Robertodole · July 12, 2010

So Staples didn't find anything, but my dad doesnt trust that there's no viruses on the computer since it's "acting funny," which includes possibly lagging slightly when he double clicks to start a program, or he's possibly just mis-clicking, but either way, he had me run OTL as you instructed (and I hope its ok that I forgot to addin the custom scan line CREATERESTOREPOINT; it created a restore point anyway if that helps). OTL.txt is first:

OTL logfile created on: 7/12/2010 1:13:30 PM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Mark Dziubek\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 279.03 Gb Total Space | 191.37 Gb Free Space | 68.58% Space Free | Partition Type: NTFS

Drive D: | 18.76 Gb Total Space | 3.03 Gb Free Space | 16.14% Space Free | Partition Type: NTFS

Drive E: | 99.34 Mb Total Space | 92.74 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MARKDZIUBEK-PC

Current User Name: Mark Dziubek

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe

PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe

PRC - [2010/07/12 13:12:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Dziubek\Desktop\OTL.exe

PRC - [2010/07/02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

PRC - [2010/06/15 14:22:08 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe

PRC - [2010/06/12 14:58:30 | 003,431,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe

PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe

PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccsvchst.exe

PRC - [2009/12/01 13:38:47 | 003,951,976 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM\aim.exe

PRC - [2009/10/06 03:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/10/01 00:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/10/01 00:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/07/08 23:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\SPLASH.SYS\config\DVMExportService.exe

PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe

========== Modules (SafeList) ==========

MOD - [2010/07/12 13:12:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Dziubek\Desktop\OTL.exe

MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/21 03:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/08 17:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)

SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/23 21:35:20 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/10/01 00:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/10/01 00:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/07/08 23:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR.SYS -- (RTSTOR)

DRV:64bit: - [2010/05/12 09:08:54 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys -- (SYMTDIv)

DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys -- (SymEFA)

DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys -- (ccHP)

DRV:64bit: - [2009/11/12 16:07:18 | 000,200,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2009/11/12 16:07:10 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/11/06 02:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/10/30 15:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/10/21 03:35:26 | 000,501,760 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/10/12 22:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/10/05 13:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/09/26 10:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/07/08 17:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2009/07/08 17:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2009/06/29 14:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/12 22:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009/04/29 12:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2010/05/28 15:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100709.001\IDSviA64.sys -- (IDSVia64)

DRV - [2010/05/27 10:29:35 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2010/05/27 10:29:35 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/05/22 14:16:04 | 000,942,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010/05/12 09:26:45 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100711.002\EX64.SYS -- (NAVEX15)

DRV - [2010/05/12 09:26:45 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100711.002\ENG64.SYS -- (NAVENG)

DRV - [2009/09/27 17:47:24 | 000,021,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AIM Search"

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/28 23:20:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/25 22:49:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/12 09:09:16 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Users\Mark Dziubek\Mozilla Firefox\components [2010/05/24 12:55:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Users\Mark Dziubek\Mozilla Firefox\plugins [2010/06/15 14:14:45 | 000,000,000 | ---D | M]

[2010/03/01 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\Mozilla\Extensions

[2010/03/07 14:07:37 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\Mozilla\Firefox\Profiles\zg6suy16.default\extensions

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()

O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [iObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL LLC)

O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/12 13:12:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mark Dziubek\Desktop\OTL.exe

[2010/07/12 13:10:56 | 009,205,688 | ---- | C] (IObit ) -- C:\Users\Mark Dziubek\Desktop\is360setup.exe

[2010/07/12 13:09:05 | 007,848,416 | ---- | C] (IObit ) -- C:\Users\Mark Dziubek\Desktop\asc-setup.exe

[2010/07/09 12:10:08 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\AppData\Roaming\Symantec

[2010/07/05 13:32:24 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\AppData\Roaming\Malwarebytes

[2010/07/05 13:32:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/07/05 13:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/05 13:32:10 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/07/05 13:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/07/05 12:45:07 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mark Dziubek\Desktop\mbam-setup-1.46.exe

[2010/06/13 11:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010/06/13 11:56:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer

[2010/06/13 11:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS

[2010/06/07 22:08:37 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\Documents\Dan Malloy

[2010/06/04 09:15:45 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\AppData\Roaming\Apple Computer

[2010/06/04 09:15:45 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\AppData\Local\Apple Computer

[2010/06/04 09:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/04 09:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/04 09:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/06/04 09:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2010/06/04 09:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/06/04 09:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2010/06/04 09:13:45 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\AppData\Local\Apple

[2010/06/04 09:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2010/06/04 09:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/06/04 09:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/06/04 09:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010/06/04 09:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2010/06/04 09:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2010/05/25 09:54:22 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys

[2010/05/25 09:54:22 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys

[2010/05/25 09:54:21 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys

[2010/05/25 09:54:21 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys

[2010/05/25 09:54:21 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys

[2010/05/25 09:54:21 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys

[2010/05/25 09:54:21 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys

[2010/05/25 09:54:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C

[2010/05/24 12:50:28 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\AppData\Roaming\HPAppData

[2010/05/13 16:36:28 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\Citrix

[2010/05/12 22:32:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2010/05/12 09:14:54 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\Documents\Symantec

[2010/05/12 09:08:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2010/05/12 09:08:58 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2010/05/12 09:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2010/05/12 09:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2010/05/12 09:07:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64

[2010/05/12 09:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360

[2010/05/12 09:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings

[2010/05/10 09:42:54 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\AppData\Roaming\Webroot

[2010/05/01 23:45:30 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\AppData\Local\IsolatedStorage

[2010/05/01 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Musicnotes

[2010/04/24 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\Documents\mkt grazilla

[2010/04/20 21:54:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/04/20 21:54:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/04/20 15:00:26 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\Desktop\Copy

[2010/04/20 14:41:16 | 000,000,000 | ---D | C] -- C:\Users\Mark Dziubek\Documents\CyberLink

[2010/04/20 14:41:13 | 000,000,000 | -H-D | C] -- C:\Users\Mark Dziubek\Documents\ShadowEditFiles

[3 C:\Users\Mark Dziubek\Documents\*.tmp files -> C:\Users\Mark Dziubek\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/12 13:14:53 | 005,505,024 | -HS- | M] () -- C:\Users\Mark Dziubek\NTUSER.DAT

[2010/07/12 13:14:16 | 001,149,000 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB

[2010/07/12 13:13:48 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2010/07/12 13:12:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Dziubek\Desktop\OTL.exe

[2010/07/12 13:12:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/12 13:12:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/12 13:11:13 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2010/07/12 13:11:01 | 009,205,688 | ---- | M] (IObit ) -- C:\Users\Mark Dziubek\Desktop\is360setup.exe

[2010/07/12 13:10:01 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job

[2010/07/12 13:09:56 | 007,848,416 | ---- | M] (IObit ) -- C:\Users\Mark Dziubek\Desktop\asc-setup.exe

[2010/07/12 13:03:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/07/12 13:03:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/12 13:03:41 | 3063,025,664 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/12 10:57:52 | 002,265,436 | -H-- | M] () -- C:\Users\Mark Dziubek\AppData\Local\IconCache.db

[2010/07/10 11:09:52 | 000,792,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/07/10 11:09:52 | 000,670,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/07/10 11:09:52 | 000,124,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/07/09 12:30:35 | 000,000,969 | ---- | M] () -- C:\Windows\MARKDZIUBEK-PC0010.ini

[2010/07/05 14:42:05 | 000,293,376 | ---- | M] () -- C:\Users\Mark Dziubek\Desktop\iigcdziu.exe

[2010/07/05 14:40:01 | 000,525,824 | ---- | M] () -- C:\Users\Mark Dziubek\Desktop\dds.scr

[2010/07/05 13:32:15 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/05 13:31:41 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mark Dziubek\Desktop\mbam-setup-1.46.exe

[2010/06/13 11:58:38 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/06/10 22:39:25 | 000,524,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/06/04 09:15:40 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/04 09:14:03 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/05/25 22:39:26 | 000,002,388 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2010/05/24 12:54:04 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/05/24 12:54:04 | 000,001,805 | ---- | M] () -- C:\Users\Mark Dziubek\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/05/20 23:35:46 | 000,019,453 | ---- | M] () -- C:\Users\Mark Dziubek\Documents\mohegan sun bus trip.docx

[2010/05/19 22:32:03 | 004,727,166 | ---- | M] () -- C:\Users\Mark Dziubek\Desktop\Molly_Hatchet_-_5_Of_The_Best[1].pdf

[2010/05/19 18:24:36 | 016,818,690 | ---- | M] () -- C:\Users\Mark Dziubek\Documents\dept health 2.tif

[2010/05/19 18:23:59 | 016,818,690 | ---- | M] () -- C:\Users\Mark Dziubek\Documents\Dept health 1.tif

[2010/05/16 12:11:40 | 000,157,520 | ---- | M] () -- C:\Users\Mark Dziubek\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/05/14 02:40:03 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini

[2010/05/12 09:08:54 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2010/05/12 09:08:54 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2010/05/12 09:08:54 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys

[2010/05/06 00:01:43 | 000,001,473 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf

[2010/05/06 00:01:43 | 000,001,445 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf

[2010/05/02 11:16:58 | 000,011,906 | ---- | M] () -- C:\Users\Mark Dziubek\Documents\self_evaluation[1].docx

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys

[2010/04/29 01:03:51 | 000,007,402 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat

[2010/04/29 01:03:51 | 000,000,771 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf

[2010/04/26 04:18:45 | 000,007,829 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat

[2010/04/24 15:22:15 | 003,255,439 | ---- | M] () -- C:\Users\Mark Dziubek\Documents\home depot auito save.pptm

[2010/04/24 07:31:04 | 000,003,373 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf

[2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys

[2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys

[2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys

[2010/04/21 22:29:51 | 000,007,414 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat

[2010/04/21 22:29:51 | 000,001,421 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf

[2010/04/21 22:29:50 | 000,007,410 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat

[2010/04/21 22:29:50 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf

[2010/04/16 18:36:37 | 000,006,144 | ---- | M] () -- C:\Users\Mark Dziubek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[3 C:\Users\Mark Dziubek\Documents\*.tmp files -> C:\Users\Mark Dziubek\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/12 13:11:13 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2010/07/06 15:11:52 | 000,000,969 | ---- | C] () -- C:\Windows\MARKDZIUBEK-PC0010.ini

[2010/07/05 14:41:55 | 000,293,376 | ---- | C] () -- C:\Users\Mark Dziubek\Desktop\iigcdziu.exe

[2010/07/05 14:39:54 | 000,525,824 | ---- | C] () -- C:\Users\Mark Dziubek\Desktop\dds.scr

[2010/07/05 13:32:15 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/13 11:58:36 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/06/04 09:15:40 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/04 09:14:03 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/05/25 22:39:00 | 001,149,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB

[2010/05/25 09:54:22 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat

[2010/05/25 09:54:22 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat

[2010/05/25 09:54:22 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat

[2010/05/25 09:54:22 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf

[2010/05/25 09:54:22 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf

[2010/05/25 09:54:21 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat

[2010/05/25 09:54:21 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat

[2010/05/25 09:54:21 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat

[2010/05/25 09:54:21 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat

[2010/05/25 09:54:21 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat

[2010/05/25 09:54:21 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf

[2010/05/25 09:54:21 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf

[2010/05/25 09:54:21 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf

[2010/05/25 09:54:21 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf

[2010/05/25 09:54:21 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf

[2010/05/25 09:54:21 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf

[2010/05/25 09:54:04 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini

[2010/05/24 12:54:04 | 000,001,805 | ---- | C] () -- C:\Users\Mark Dziubek\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/05/24 12:54:03 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/05/19 22:32:03 | 004,727,166 | ---- | C] () -- C:\Users\Mark Dziubek\Desktop\Molly_Hatchet_-_5_Of_The_Best[1].pdf

[2010/05/19 18:24:35 | 016,818,690 | ---- | C] () -- C:\Users\Mark Dziubek\Documents\dept health 2.tif

[2010/05/19 18:23:59 | 016,818,690 | ---- | C] () -- C:\Users\Mark Dziubek\Documents\Dept health 1.tif

[2010/05/12 09:08:58 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2010/05/12 09:08:58 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2010/05/12 09:08:52 | 000,002,388 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2010/05/02 11:16:58 | 000,011,906 | ---- | C] () -- C:\Users\Mark Dziubek\Documents\self_evaluation[1].docx

[2010/04/24 15:22:15 | 003,255,439 | ---- | C] () -- C:\Users\Mark Dziubek\Documents\home depot auito save.pptm

[2010/04/18 23:25:50 | 000,019,453 | ---- | C] () -- C:\Users\Mark Dziubek\Documents\mohegan sun bus trip.docx

[2010/03/30 21:21:08 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll

[2010/03/30 21:19:04 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2010/02/28 19:45:54 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/01/27 23:45:48 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2010/01/27 23:45:48 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2009/10/30 14:06:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2009/10/30 14:06:24 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2009/09/29 19:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/09/27 17:49:50 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/02 00:52:45 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\acccore

[2010/03/30 21:33:11 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\Canon

[2010/04/09 22:05:46 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\gtk-2.0

[2010/03/14 18:54:23 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\Individual Software

[2010/05/08 18:58:43 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\IObit

[2010/03/30 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\ScanSoft

[2010/04/06 20:28:54 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\Tific

[2010/03/01 00:03:53 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\uTorrent

[2010/04/10 20:00:38 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\VCOM

[2010/03/19 21:47:40 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\WildTangent

[2010/03/17 12:16:56 | 000,000,000 | ---D | M] -- C:\Users\Mark Dziubek\AppData\Roaming\WinWay

[2010/07/12 13:10:01 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job

[2010/07/01 11:04:00 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >

[2007/05/18 01:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >

[2009/08/07 09:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009/08/07 09:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SwSetup\Drivers\IMSM\Winall\Driver\IaStor.sys

[2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\SwSetup\Drivers\IMSM\Winall\Driver64\IaStor.sys

[2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys

< MD5 for: IASTORV.SYS >

[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >

[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

OTL Extras logfile created on: 7/12/2010 1:13:30 PM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Mark Dziubek\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 279.03 Gb Total Space | 191.37 Gb Free Space | 68.58% Space Free | Partition Type: NTFS

Drive D: | 18.76 Gb Total Space | 3.03 Gb Free Space | 16.14% Space Free | Partition Type: NTFS

Drive E: | 99.34 Mb Total Space | 92.74 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MARKDZIUBEK-PC

Current User Name: Mark Dziubek

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series

"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java 6 Update 15 (64-bit)

"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java SE Development Kit 6 Update 15 (64-bit)

"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client

"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard

"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel

MrCharlie · July 12, 2010

Please do this:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
:Commands
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=============================================

This scan can take several to many hours to complete so be prepare!

Please download Dr.Web CureIt . Save it to your desktop:

Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select Complete scan.
Click the green arrow at the right, and the scan will start.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your desktop. The report will be called DrWeb.csv
Note:this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
Please post the Dr.Web.txt report in your next reply
Close Dr.Web Cureit.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

MrC

screen317 · July 24, 2010

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

screen317 · August 3, 2010

Topic re-opened at request of topic starter.

Robertodole · August 4, 2010

Hi again! Sorry about my absence...

Anyway, I believe this log is the one from the second time I ran OTL, if it isn't, then I don't have it for some reason. Because of my dad doing schoolwork on the computer (it's his laptop I'm fixing btw) I wasn't able to get drwebcureit to run its complete scan until a couple days ago: because drweb had been updated, I downloaded the newest version before scanning, however it wouldn't save a logfile afterward. Here's the only OTL log I have: