TechSpot

Google redirect virus

By Katie
Jul 19, 2012
  1. My system is infected with Google redirect virus. Whenever I click on a link listed in Google search it redirects me to random webpage 50% of the time.

    Please help me on this.

    Here are the logs. GMER did not produce any log.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.19.11
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Raji :: RAJI-PC [administrator]
    Protection: Disabled
    7/19/2012 2:02:31 PM
    mbam-log-2012-07-19 (14-02-31).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 257540
    Time elapsed: 4 minute(s), 27 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Raji at 14:34:31 on 2012-07-19
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1485 [GMT -4:00]
    .
    AV: Norton 360 *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files (x86)\SMINST\BLService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\conime.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyServer = http=127.0.0.1:6092
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common
    Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files
    (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web
    Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint
    EX\ewpexbho.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360
    \Engine\5.2.2.3\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12
    \GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google
    Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\skypeieplugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)
    \MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple
    Adblock\SimpleAdblock.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0
    \msneshellx.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint
    EX\ewpexhlp.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google
    Toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {4DA729A4-684A-4034-A45B-6D56CEAAE92B} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint
    EX\ewpexhlp.dll
    uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [Google Update] "C:\Users\Raji\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
    uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [1109239105] C:\Users\Raji\AppData\Local\Temp\tmph3771420601565033705.tmp
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [DDMSettings] rundll32.exe "C:\Users\Raji\AppData\Local\Deployment\DDMSettings\wvxrj.dll",CreateInstance
    mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)
    \Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)
    \CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)
    \CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)
    \CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files
    (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
    mRun: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
    mRun: [KiesTrayAgent] "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth
    Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security
    Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12
    \ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)
    \Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12
    \REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
    hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1E246836-E100-4655-82EC-41EB1956BE01} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{45836CEF-C2A4-4F3A-B7FA-719B101274B0} : DhcpNameServer = 207.69.188.186 207.69.188.187
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12
    \GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft
    Office\Office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli DPPWDFLT
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common
    Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
    Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus
    Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint
    EX\ewpexbho.dll
    BHO-X64: Canon Easy-WebPrint EX BHO - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3
    \coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360
    \Engine\5.2.2.3\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft
    Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google
    Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)
    \MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6
    \bin\jp2ssv.dll
    BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple
    Adblock\SimpleAdblock.dll
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)
    \MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint
    EX\ewpexhlp.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google
    Toolbar\GoogleToolbar_32.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {4DA729A4-684A-4034-A45B-6D56CEAAE92B} - No File
    TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files
    (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files
    (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files
    (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files
    (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program
    Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
    mRun-x64: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
    mRun-x64: [KiesTrayAgent] "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft
    Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS --> C:\Windows\system32
    \drivers\N360x64\0502020.003\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS -->
    C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29
    \Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29
    \Definitions\IPSDefs\20120718.001\IDSviA64.sys [2012-7-19 509088]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS --> C:\Windows\system32
    \drivers\N360x64\0502020.003\Ironx64.SYS [?]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0502020.003\SYMTDIV.SYS -->
    C:\Windows\system32\Drivers\N360x64\0502020.003\SYMTDIV.SYS [?]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/15 14:08:39];C:\Program Files (x86)\Hewlett-
    Packard\Media\DVD\000.fcl [2008-11-28 146928]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe [2012-6-12 130008]
    R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2011-9-17 130000]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC
    Tools\sMonitor\StartManSvc.exe [2012-2-15 793048]
    R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-2-23 365952]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-17 2337144]
    R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    [2008-11-26 296320]
    R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
    R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-11-18 599344]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-2-23 222512]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec
    Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-30 138912]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32
    \drivers\IntcHdmi.sys [?]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32
    \DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319
    \mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64
    \v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1ca3d2faec0ab20;Google Update Service (gupdate1ca3d2faec0ab20);C:\Program Files (x86)
    \Google\Update\GoogleUpdate.exe [2009-9-24 133104]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64
    \Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-1 250056]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-24 133104]
    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181
    \McCHSvc.exe [2010-1-15 227232]
    S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys -
    -> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319
    \WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32
    \DRIVERS\WSDPrint.sys [?]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys -->
    C:\Windows\system32\DRIVERS\yk60x64.sys [?]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64
    \v2.0.50727\mscorsvw.exe [2009-12-3 89920]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe
    [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL
    Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-07-19 18:00:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-19 18:00:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 02:47:43 302592 ----a-w- C:\Users\Raji\957bhwvz.exe
    2012-07-17 18:11:19 -------- d-----w- C:\Users\Raji\AppData\Local\Threat Expert
    2012-07-17 15:33:51 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-07-17 15:22:38 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-07-17 15:21:04 -------- d-----w- C:\ProgramData\PC Tools
    2012-07-17 15:21:03 -------- d-----w- C:\Users\Raji\AppData\Roaming\TestApp
    2012-07-16 16:17:40 2841104 ----a-w- C:\Users\Raji\NPE.exe
    2012-07-16 16:14:33 920096 ----a-w- C:\Users\Raji\Norton_Removal_Tool.exe
    2012-07-15 14:08:09 -------- d-----w- C:\Users\Raji\AppData\Roaming\Malwarebytes
    2012-07-15 14:07:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-14 20:35:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-07-14 20:04:14 -------- d--h--w- C:\Windows\msdownld.tmp
    2012-07-14 13:05:05 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-07-14 13:05:05 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-07-14 03:14:49 -------- d-----w- C:\ProgramData\VS
    2012-07-12 14:03:44 2769408 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-27 20:22:54 -------- d-----w- C:\Users\Raji\AppData\Roaming\Downloaded Installations
    2012-06-23 11:20:01 94208 ----a-r- C:\Users\Raji\AppData\Roaming\Microsoft\Installer\{0A2C5854-557E-48C8-835A-
    3B9F074BDCAA}\python_icon.exe
    2012-06-23 11:19:22 -------- d-----w- C:\Python25
    .
    ==================== Find3M ====================
    .
    2012-07-11 18:44:52 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 18:44:52 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-05-29 07:38:50 330240 ----a-w- C:\Windows\MASetupCaller.dll
    2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    .
    ============= FINISH: 14:34:59.09 ===============
     
  2. Katie

    Katie TS Rookie Topic Starter Posts: 30

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/15/2009 4:24:13 PM
    System Uptime: 7/19/2012 9:08:48 AM (5 hours ago)
    .
    Motherboard: Compal | | 30F7
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 106.298 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 2.053 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: isatap.{DECC4845-457B-4BBC-A2E8-01FFDDCA0A02}
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0004
    Manufacturer: Microsoft
    Name: isatap.{DECC4845-457B-4BBC-A2E8-01FFDDCA0A02}
    PNP Device ID: ROOT\*ISATAP\0004
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0005
    Manufacturer: Microsoft
    Name: isatap.{1E246836-E100-4655-82EC-41EB1956BE01}
    PNP Device ID: ROOT\*ISATAP\0005
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0006
    Manufacturer: Microsoft
    Name: isatap.{DECC4845-457B-4BBC-A2E8-01FFDDCA0A02}
    PNP Device ID: ROOT\*ISATAP\0006
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP363: 7/3/2012 4:30:23 PM - Scheduled Checkpoint
    RP364: 7/12/2012 9:57:46 AM - Windows Update
    RP365: 7/13/2012 10:32:10 PM - Windows Update
    RP366: 7/14/2012 9:01:05 AM - Installed Java(TM) 6 Update 33
    RP367: 7/14/2012 3:43:47 PM - Windows Update
    RP368: 7/14/2012 4:34:47 PM - Installed HiJackThis
    RP369: 7/15/2012 6:44:38 PM - Scheduled Checkpoint
    RP370: 7/17/2012 1:45:24 PM - Removed Nitro Reader 2
    RP371: 7/17/2012 2:04:24 PM - Removed NetAssistant
    RP372: 7/17/2012 2:08:27 PM - Removed Juno Preloader
    RP373: 7/17/2012 2:10:30 PM - Removed Music Oasis
    RP374: 7/17/2012 2:16:56 PM - Removed Ask Toolbar.
    RP375: 7/17/2012 2:30:37 PM - Removed NetZero Preloader
    RP376: 7/17/2012 11:21:22 PM - Removed HiJackThis
    RP377: 7/17/2012 11:23:00 PM - Removed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Ace DivX Player v2.1
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.7
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon G.726 WMP-Decoder
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 3.0
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch
    Canon Utilities Solution Menu
    Canon Utilities ZoomBrowser EX
    Centra Client
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    DivX Setup
    Download Accelerator Plus (DAP)
    Dziobas Rar Player 0.009.39
    eBay Shortcuts
    Elementals: The Magic Key™
    ESU for Microsoft Vista
    GEAR driver installer for x86 and x64
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HP Active Support Library
    HP Common Access Service Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Help and Support
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SlingPlayer
    HP MediaSmart TV
    HP MediaSmart Webcam
    HP Quick Launch Buttons 6.40 L1
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HP User Guides 0125
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IBMMAINFRAMES.com Online Browser 1.0
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 33
    Java(TM) 6 Update 7
    JMicron JMB38X Flash Media Controller
    Kural Tamil Software 4.0
    LabelPrint
    Malwarebytes Anti-Malware version 1.62.0.1300
    McAfee Security Scan Plus
    MessageViewer Lite
    MessageViewer Pro 3.1.5
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Meeting 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    Norton 360
    Norton Safe Web Lite
    PC Tools Registry Mechanic 11.0
    Phonico Dialer
    Picasa 3
    Power2Go
    PowerDirector
    Python 2.5
    QuickTime
    RealPlayer
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Samsung Kies
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Simple Adblock
    Skype Click to Call
    Skype™ 5.10
    Slingbox - Watch Your TV Anywhere
    SlingPlayer
    SPORE Creature Creator Trial Edition
    TeamViewer 6
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    VC80CRTRedist - 8.0.50727.6195
    Veoh Web Player
    VLC media player 1.0.2
    wc3270 3.3.12ga7
    WildTangent Games App (HP Games)
    Windows Media Player Firefox Plugin
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/18/2012 10:45:15 AM, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller'
    (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system
    without first being prepared for removal.
    7/18/2012 10:45:15 AM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller'
    (PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&00E4) disappeared from the system
    without first being prepared for removal.
    7/18/2012 10:45:15 AM, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller'
    (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4) disappeared from the system
    without first being prepared for removal.
    7/18/2012 10:45:15 AM, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller'
    (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4) disappeared from the system
    without first being prepared for removal.
    7/18/2012 10:41:58 AM, Error: Service Control Manager [7023] - The Computer Browser service
    terminated with the following error: The specified service does not exist as an installed
    service.
    7/18/2012 10:41:58 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service
    depends the following service: BFE. This service might not be installed.
    7/18/2012 10:41:58 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying
    Modules service depends the following service: BFE. This service might not be installed.
    7/17/2012 3:56:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default
    permission settings do not grant Local Activation permission for the COM Server application with
    CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Raji-PC\Raji SID (S-1-5-21-879802955-
    300227825-1068062260-1000) from address LocalHost (Using LRPC). This security permission can be
    modified using the Component Services administrative tool.
    7/17/2012 3:41:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000
    milliseconds) while waiting for the hpqwmiex service to connect.
    7/17/2012 3:41:48 PM, Error: Service Control Manager [7000] - The hpqwmiex service failed to
    start due to the following error: The service did not respond to the start or control request in
    a timely fashion.
    7/17/2012 3:41:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053"
    attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356
    -2F02-40D4-999E-FA61F45FE12E}
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7026] - The following boot-start or
    system-start driver(s) failed to load: AFD BHDrvx64 DfsC eeCtrl IDSVia64 NetBIOS netbt nsiproxy
    PCTSD PSched RasAcd rdbss Smb spldr SRTSP SRTSPX SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The Workstation service depends
    on the Network Store Interface Service service which failed to start because of the following
    error: The dependency service or group failed to start.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector
    Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start
    because of the following error: A device attached to the system is not functioning.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The WebClient service depends on
    the WebDav Client Redirector Driver service which failed to start because of the following error:
    The dependency service or group failed to start.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service
    depends on the Ancilliary Function Driver for Winsock service which failed to start because of
    the following error: A device attached to the system is not functioning.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper
    and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start
    because of the following error: A device attached to the system is not functioning.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector
    service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start
    because of the following error: The dependency service or group failed to start.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector
    service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start
    because of the following error: The dependency service or group failed to start.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The Network Store Interface
    Service service depends on the NSI proxy service service which failed to start because of the
    following error: A device attached to the system is not functioning.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The Network Location Awareness
    service depends on the Network Store Interface Service service which failed to start because of
    the following error: The dependency service or group failed to start.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The Network List Service service
    depends on the Network Location Awareness service which failed to start because of the following
    error: The dependency service or group failed to start.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The Network Connections service
    depends on the Network Store Interface Service service which failed to start because of the
    following error: The dependency service or group failed to start.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The DNS Client service depends on
    the NetIO Legacy TDI Support Driver service which failed to start because of the following error:
    A device attached to the system is not functioning.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The DHCP Client service depends
    on the Ancilliary Function Driver for Winsock service which failed to start because of the
    following error: A device attached to the system is not functioning.
    7/17/2012 11:48:03 AM, Error: Service Control Manager [7001] - The Computer Browser service
    depends on the Server service which failed to start because of the following error: The
    dependency service or group failed to start.
    7/17/2012 11:38:13 AM, Error: PCTCore [280] -
    7/17/2012 11:26:06 PM, Error: Service Control Manager [7034] - The PC Tools Security Service
    service terminated unexpectedly. It has done this 1 time(s).
    7/17/2012 10:46:13 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease
    192.168.0.103 for the Network Card with network address 0022FAB505A8 has been denied by the DHCP
    server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    7/17/2012 10:05:48 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc'
    did not start correctly because QueryService encountered error '0x80070424'. In Windows Media
    Player, turn off media sharing, and then turn it back on.
    7/17/2012 10:05:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds)
    was reached while waiting for a transaction response from the SysMain service.
    7/16/2012 12:56:58 PM, Error: Service Control Manager [7026] - The following boot-start or
    system-start driver(s) failed to load: AFD BHDrvx64 DfsC eeCtrl IDSVia64 NetBIOS netbt nsiproxy
    PSched RasAcd rdbss Smb spldr SRTSP SRTSPX SymIRON SYMTDIv tdx Wanarpv6
    7/15/2012 9:08:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease
    192.168.0.102 for the Network Card with network address 0022FAB505A8 has been denied by the DHCP
    server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    7/15/2012 2:37:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000
    milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to
    connect.
    7/15/2012 2:36:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000
    milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to
    connect.
    7/14/2012 8:53:59 AM, Error: EventLog [6008] - The previous system shutdown at 8:52:07 AM on
    7/14/2012 was unexpected.
    7/14/2012 4:09:08 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element
    Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both
    PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there
    were no errors adding the function instance.
    7/14/2012 3:46:56 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter
    service terminated with the following error: Unspecified error
    7/13/2012 10:46:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000
    milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
    7/13/2012 10:46:24 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update
    Service service failed to start due to the following error: The service did not respond to the
    start or control request in a timely fashion.
    7/13/2012 10:10:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds)
    was reached while waiting for a transaction response from the TrkWks service.
    7/13/2012 10:09:36 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed
    Transaction Coordinator service hung on starting.
    7/12/2012 7:04:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was
    reached while waiting for a transaction response from the ShellHWDetection service.
    7/12/2012 6:56:35 PM, Error: Service Control Manager [7043] - The Windows Modules Installer
    service did not shut down properly after receiving a preshutdown control.
    7/12/2012 10:28:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure:
    Windows failed to install the following update with error 0x800f0902: Security Update for Windows
    Vista for x64-based Systems (KB2719985).
    7/12/2012 10:26:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000
    milliseconds) while waiting for the Windows Search service to connect.
    7/12/2012 10:26:25 AM, Error: Service Control Manager [7000] - The Windows Search service failed
    to start due to the following error: The service did not respond to the start or control request
    in a timely fashion.
    7/12/2012 10:20:36 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to
    complete the process of setting package KB2719985 (Security Update) into Staged(Staged) state
    7/12/2012 10:03:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053"
    attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-
    AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    Please disable "word wrap" in Notepad as your logs are hard to read.

    Next...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  4. Katie

    Katie TS Rookie Topic Starter Posts: 30

    Thanks for the reply. Do I have to disable my antivirus - Norton 360 while scanning? Do I need to disconnect my system from internet while scanning?
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No and no.
     
  6. Katie

    Katie TS Rookie Topic Starter Posts: 30

    I ran RogueKiller and aswMBR in my system. Here are the logs.

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User: Raji [Admin rights]
    Mode: Scan -- Date: 07/20/2012 21:47:01
    ¤¤¤ Bad processes: 0 ¤¤¤
    ¤¤¤ Registry Entries: 10 ¤¤¤
    [SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
    [SUSP PATH] HKCU\[...]\Run : 1109239105 (C:\Users\Raji\AppData\Local\Temp\tmph3771420601565033705.tmp) -> FOUND
    [BLACKLIST DLL] HKCU\[...]\Run : DDMSettings (rundll32.exe "C:\Users\Raji\AppData\Local\Deployment\DDMSettings\wvxrj.dll",CreateInstance) -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-879802955-300227825-1068062260-1000[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-879802955-300227825-1068062260-1000[...]\Run : 1109239105 (C:\Users\Raji\AppData\Local\Temp\tmph3771420601565033705.tmp) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-21-879802955-300227825-1068062260-1000[...]\Run : DDMSettings (rundll32.exe "C:\Users\Raji\AppData\Local\Deployment\DDMSettings\wvxrj.dll",CreateInstance) -> FOUND
    [SUSP PATH] 470164f8.job @ : C:\Users\Raji\AppData\Local\Temp\\setup824961016.exe -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:6092) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
    --- User ---
    [MBR] 3042ac42dd848363e6b07ab6e52bb23e
    [BSP] 2c93af9b09fa4d9245a24461a2f308bd : Toshiba tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 291682 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 597366784 | Size: 13559 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  7. Katie

    Katie TS Rookie Topic Starter Posts: 30

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-20 21:49:35
    -----------------------------
    21:49:35.222 OS Version: Windows x64 6.0.6002 Service Pack 2
    21:49:35.222 Number of processors: 2 586 0x170A
    21:49:35.223 ComputerName: RAJI-PC UserName: Raji
    21:49:37.521 Initialize success
    21:49:52.149 AVAST engine download error: 0
    21:50:02.861 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    21:50:02.864 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
    21:50:02.885 Disk 0 MBR read successfully
    21:50:02.889 Disk 0 MBR scan
    21:50:02.892 Disk 0 unknown MBR code
    21:50:02.900 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 291682 MB offset 2048
    21:50:02.931 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13559 MB offset 597366784
    21:50:02.964 Disk 0 scanning C:\Windows\system32\drivers
    21:50:13.542 Service scanning
    21:50:44.194 Modules scanning
    21:50:44.205 Disk 0 trace - called modules:
    21:50:44.231 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    21:50:44.238 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f95790]
    21:50:44.246 3 CLASSPNP.SYS[fffffa6000a5bc33] -> nt!IofCallDriver -> [0xfffffa8004daf630]
    21:50:44.253 5 hpdskflt.sys[fffffa6001a020ee] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c3c590]
    21:50:44.261 Scan finished successfully
    21:52:12.120 Disk 0 MBR has been saved successfully to "C:\Users\Raji\Desktop\MBR.dat"
    21:52:12.126 The log file has been saved successfully to "C:\Users\Raji\Desktop\aswMBR.txt"
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. Katie

    Katie TS Rookie Topic Starter Posts: 30

    Help! Help! Combofix running for more than 35 minutes.

    I disabled Norton 360 Autoprotect and Firewall, and Malware bytes before starting Combofix. After I started Combofix, I received a warning message saying "Norton 360 is active" and then Combofix Autoscan is running in blue command prompt window. I noticed that the internet was not cutoff for more than half an hour evenafter Combofix started running. Now Combofix is running for 37 minutes. So far, scanning is completed till stage_43.
    I am not sure how to proceed now.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Keep it going.
     
  11. Katie

    Katie TS Rookie Topic Starter Posts: 30

    Since I was not sure what to do at that time, I killed Combofix process. I am running the Combofix now in my system again. Please let me know of this is fine.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    One of my rules says:
    [​IMG]
     
  13. Katie

    Katie TS Rookie Topic Starter Posts: 30

    I apologize for my mistake. I killed Comboowfix because Norton was running even after disabling. There were messages in my system tray saying " Norton background tasks are running".

    Combofix completed now. It took less than half an hour. Before Combofix created the log it restarted my machine and created log after that. Below is the log.

    ComboFix 12-07-21.01 - Raji 07/21/2012 15:40:52.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1482 [GMT -4:00]
    Running from: c:\users\Raji\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\100
    c:\users\Raji\957bhwvz.exe
    c:\users\Raji\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    c:\users\Raji\AppData\Roaming\Desktopicon
    c:\users\Raji\AppData\Roaming\Desktopicon\config.ini
    c:\users\Raji\AppData\Roaming\Desktopicon\uninstall.exe
    c:\users\Raji\Norton_Removal_Tool.exe
    c:\users\Raji\NPE.exe
    c:\windows\iun6002.exe
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-21 19:52 . 2012-07-21 19:52 -------- d-----w- c:\users\Nathan\AppData\Local\temp
    2012-07-21 19:52 . 2012-07-21 19:52 -------- d-----w- c:\users\Guest2\AppData\Local\temp
    2012-07-19 18:00 . 2012-07-19 18:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 18:00 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-17 18:11 . 2012-07-17 18:11 -------- d-----w- c:\users\Raji\AppData\Local\Threat Expert
    2012-07-17 15:33 . 2012-07-18 03:29 -------- d-----w- c:\program files (x86)\PC Tools
    2012-07-17 15:22 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-07-17 15:21 . 2012-07-18 03:26 -------- d-----w- c:\programdata\PC Tools
    2012-07-17 15:21 . 2012-07-17 15:21 -------- d-----w- c:\users\Raji\AppData\Roaming\TestApp
    2012-07-15 14:08 . 2012-07-15 14:08 -------- d-----w- c:\users\Raji\AppData\Roaming\Malwarebytes
    2012-07-15 14:07 . 2012-07-15 14:07 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-14 20:35 . 2012-07-14 20:35 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-07-14 20:04 . 2012-07-14 20:04 -------- d--h--w- c:\windows\msdownld.tmp
    2012-07-14 13:05 . 2012-07-14 13:04 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-07-14 13:05 . 2012-07-14 13:04 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-14 03:14 . 2012-07-14 03:14 -------- d-----w- c:\programdata\VS
    2012-07-12 14:03 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
    2012-06-27 21:45 . 2012-07-09 22:16 -------- d-----w- c:\users\Raji\AppData\Roaming\Nitro PDF
    2012-06-27 21:44 . 2012-06-27 21:44 -------- d-----w- c:\programdata\Nitro PDF
    2012-06-27 20:22 . 2012-06-27 20:22 -------- d-----w- c:\users\Raji\AppData\Roaming\Downloaded Installations
    2012-06-23 11:20 . 2012-06-23 11:20 94208 ----a-r- c:\users\Raji\AppData\Roaming\Microsoft\Installer\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}\python_icon.exe
    2012-06-23 11:19 . 2012-06-24 18:11 -------- d-----w- C:\Python25
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-14 19:54 . 2012-05-31 17:31 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-07-12 14:09 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
    2012-07-11 18:44 . 2012-06-01 13:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-11 18:44 . 2011-07-15 19:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-19 13:51 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 13:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 13:51 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 13:51 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 13:51 35864 ----a-w- c:\windows\SysWow64\wups.dll
    2012-06-02 22:19 . 2012-06-19 13:51 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-19 13:51 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 13:51 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 13:51 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 22:12 . 2012-06-19 13:51 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
    2012-06-02 19:19 . 2012-06-19 13:50 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2012-06-02 19:19 . 2012-06-19 13:50 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-19 13:50 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 19:12 . 2012-06-19 13:50 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2012-05-29 07:38 . 2011-11-29 20:38 330240 ----a-w- c:\windows\MASetupCaller.dll
    2012-05-01 14:29 . 2012-06-13 02:34 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-23 16:25 . 2012-06-13 02:32 1267200 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-23 16:25 . 2012-06-13 02:32 174592 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-23 16:25 . 2012-06-13 02:32 132096 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-23 16:00 . 2012-06-13 02:32 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-23 16:00 . 2012-06-13 02:32 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-04-23 16:00 . 2012-06-13 02:32 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
    "DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2009-10-28 2811392]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-03 904080]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
    "TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
    "UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
    "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2008-12-11 842816]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
    "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2009-09-24 198160]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-05 103896]
    "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 994856]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 18:44]
    .
    2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-24 15:56]
    .
    2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-24 15:56]
    .
    2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879802955-300227825-1068062260-1000Core.job
    - c:\users\Raji\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-26 15:19]
    .
    2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879802955-300227825-1068062260-1000UA.job
    - c:\users\Raji\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-26 15:19]
    .
    2012-07-14 c:\windows\Tasks\HPCeeScheduleForRaji.job
    - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-23 19:34]
    .
    2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{EBC5C322-389B-4D04-B305-CD7CDEC3E5F9}.job
    - c:\windows\system32\msfeedssync.exe [2011-07-08 14:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 246784]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:6092
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    TCP: DhcpNameServer = 192.168.0.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
    Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
    Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{4DA729A4-684A-4034-A45B-6D56CEAAE92B} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Offline_Browser_1.0 - c:\windows\iun6002.exe
    AddRemove-eBay Shortcuts - c:\users\Raji\AppData\Roaming\Desktopicon\uninstall.exe
    AddRemove-MessageViewer Pro - c:\program files (x86)\Encryptomatic
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NSL]
    "ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
    c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
    c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    c:\program files (x86)\SMINST\BLService.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-21 16:04:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-21 20:04
    .
    Pre-Run: 119,794,524,160 bytes free
    Post-Run: 119,455,035,392 bytes free
    .
    - - End Of File - - FCE4BA41D53F75F32FEC493D66AF9B99
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good.

    How is redirection?

    =====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. Katie

    Katie TS Rookie Topic Starter Posts: 30

    I donot get redirects now. But, whenever I visit a website it issues a security warning "You are about to view pages over a secure connection".

    I ran OTL. Here are the logs.
     
  16. Katie

    Katie TS Rookie Topic Starter Posts: 30

    OTL logfile created on: 7/21/2012 5:22:57 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Raji\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 44.54% Memory free
    8.00 Gb Paging File | 5.98 Gb Available in Paging File | 74.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.85 Gb Total Space | 109.97 Gb Free Space | 38.61% Space Free | Partition Type: NTFS
    Drive D: | 13.24 Gb Total Space | 2.05 Gb Free Space | 15.50% Space Free | Partition Type: NTFS

    Computer Name: RAJI-PC | User Name: Raji | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/21 17:21:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Raji\Desktop\OTL.exe
    PRC - [2012/07/11 14:44:52 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/06/08 07:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2012/06/08 07:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2012/01/04 23:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe
    PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
    PRC - [2010/08/23 09:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/09/24 11:58:52 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/01/21 11:23:16 | 000,210,216 | R--- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
    PRC - [2008/12/25 16:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2008/12/25 16:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
    PRC - [2008/12/10 22:56:36 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    PRC - [2008/12/10 22:56:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    PRC - [2008/11/28 21:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    PRC - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
     
  17. Katie

    Katie TS Rookie Topic Starter Posts: 30

    ========== Modules (No Company Name) ==========

    MOD - [2012/07/21 15:57:32 | 000,115,137 | ---- | M] () -- C:\Users\Raji\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    MOD - [2012/06/17 19:02:12 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
    MOD - [2012/06/17 18:48:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
    MOD - [2012/06/17 15:22:18 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
    MOD - [2012/06/17 14:43:30 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
    MOD - [2012/06/17 14:43:17 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
    MOD - [2012/06/17 14:42:09 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
    MOD - [2012/06/17 14:41:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
    MOD - [2012/06/17 14:41:38 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
    MOD - [2012/06/17 14:40:47 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
    MOD - [2012/06/17 14:40:34 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
    MOD - [2012/06/17 14:40:17 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
    MOD - [2012/06/17 14:40:11 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
    MOD - [2012/06/17 14:39:16 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
    MOD - [2012/06/08 07:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2008/12/25 16:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2008/11/26 20:13:08 | 000,263,560 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
    MOD - [2008/11/26 20:13:08 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
    MOD - [2008/11/26 20:13:08 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
    MOD - [2008/11/26 20:13:06 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/06/03 22:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2008/11/18 09:09:46 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
    SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/11 14:44:54 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
    SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/12/10 22:56:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) @C:\Program Files (x86)
    SRV - [2008/11/26 20:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
    SRV - [2008/11/26 20:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
    SRV - [2008/11/18 09:09:42 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/17 17:19:30 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2011/04/20 21:37:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SYMTDIV.SYS -- (SYMTDIv)
    DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP)
    DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMEFA64.SYS -- (SymEFA)
    DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMDS64.SYS -- (SymDS)
    DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON)
    DRV:64bit: - [2010/08/25 21:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/09/02 05:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2009/06/03 22:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/04/11 02:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/03/30 23:56:20 | 005,430,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
    DRV:64bit: - [2008/07/21 06:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
    DRV:64bit: - [2008/07/15 04:20:42 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2008/06/23 07:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2008/06/23 07:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2008/06/23 07:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
    DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV - [2012/06/22 18:44:17 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120720.024\ex64.sys -- (NAVEX15)
    DRV - [2012/06/22 18:44:17 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/06/22 18:44:17 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120720.024\eng64.sys -- (NAVENG)
    DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/06/14 14:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120720.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/05/30 22:44:13 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2008/11/28 21:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/04/15 14:08:39] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
     
  18. Katie

    Katie TS Rookie Topic Starter Posts: 30

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{2C284C26-5B06-4DFC-B46C-9D2EA294202A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{2C284C26-5B06-4DFC-B46C-9D2EA294202A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    IE - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_en
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q...dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...1f8bffdd7&lang=en&ds=ft011&pr=sa&d=2012-05-23 16:22:49&v=11.1.1.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20110626,6901,0,8,0
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\SearchScopes\{F71E614C-7B93-4D3D-928B-5DE8301F6362}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=421da5410000000000000022fab505a8
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\SearchScopes\infoaxe_google: "URL" = http://www.infoaxe.com/enhancedsear...-8859-1&q={searchTerms}&sa=Search&dummyRnd=41
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-879802955-300227825-1068062260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Raji\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Raji\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raji\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raji\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009/04/15 17:37:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/02 11:31:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_10_1 [2012/07/21 15:54:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/10 17:13:37 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2009/04/15 17:37:13 | 000,000,000 | ---D | M]

    [2012/05/22 20:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raji\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Search the web (Babylon) (Enabled)
    CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&babsrc=SP_crm
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Raji\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Download Helper (Enabled) = C:\Users\Raji\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\plugin/download_helper.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Raji\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Raji\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Raji\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Raji\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Skype Click to Call = C:\Users\Raji\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Raji\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

    O1 HOSTS File: ([2012/07/21 15:55:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
    O3:64bit: - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-879802955-300227825-1068062260-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
    O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-879802955-300227825-1068062260-1000..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (SpeedBit Ltd.)
    O4 - HKU\S-1-5-21-879802955-300227825-1068062260-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-879802955-300227825-1068062260-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-879802955-300227825-1068062260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-879802955-300227825-1068062260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E246836-E100-4655-82EC-41EB1956BE01}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45836CEF-C2A4-4F3A-B7FA-719B101274B0}: DhcpNameServer = 207.69.188.186 207.69.188.187
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Raji\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Raji\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/21 17:21:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Raji\Desktop\OTL.exe
    [2012/07/21 16:04:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/21 15:55:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/21 15:33:05 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Raji\Desktop\ComboFix.exe
    [2012/07/21 10:02:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/21 10:02:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/21 10:02:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/21 09:57:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/21 09:57:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/20 21:46:25 | 000,000,000 | ---D | C] -- C:\Users\Raji\Desktop\RK_Quarantine
    [2012/07/20 10:18:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Raji\Desktop\aswMBR.exe
    [2012/07/19 14:31:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Raji\Desktop\dds.scr
    [2012/07/19 14:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/19 14:00:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/19 14:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/19 13:59:30 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raji\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/17 14:11:19 | 000,000,000 | ---D | C] -- C:\Users\Raji\AppData\Local\Threat Expert
    [2012/07/17 11:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/07/17 11:22:38 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [2012/07/17 11:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/07/17 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\Raji\AppData\Roaming\TestApp
    [2012/07/15 10:08:09 | 000,000,000 | ---D | C] -- C:\Users\Raji\AppData\Roaming\Malwarebytes
    [2012/07/15 10:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/14 16:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/07/14 09:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/07/13 23:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
    [2012/06/27 17:45:41 | 000,000,000 | ---D | C] -- C:\Users\Raji\AppData\Roaming\Nitro PDF
    [2012/06/27 17:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
    [2012/06/27 16:22:54 | 000,000,000 | ---D | C] -- C:\Users\Raji\AppData\Roaming\Downloaded Installations
    [2012/06/23 07:20:00 | 000,000,000 | ---D | C] -- C:\Users\Raji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.5
    [2012/06/23 07:19:22 | 000,000,000 | ---D | C] -- C:\Python25
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  19. Katie

    Katie TS Rookie Topic Starter Posts: 30

    ========== Files - Modified Within 30 Days ==========

    [2012/07/21 17:28:00 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EBC5C322-389B-4D04-B305-CD7CDEC3E5F9}.job
    [2012/07/21 17:21:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Raji\Desktop\OTL.exe
    [2012/07/21 16:52:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/21 16:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/21 16:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/21 16:39:11 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-879802955-300227825-1068062260-1000UA.job
    [2012/07/21 15:55:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/21 15:53:59 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/21 15:53:59 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/21 15:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/21 15:52:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/07/21 15:33:06 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Raji\Desktop\ComboFix.exe
    [2012/07/21 14:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-879802955-300227825-1068062260-1000Core.job
    [2012/07/21 09:38:07 | 000,007,052 | ---- | M] () -- C:\Users\Raji\AppData\Local\d3d9caps.dat
    [2012/07/20 21:52:12 | 000,000,512 | ---- | M] () -- C:\Users\Raji\Desktop\MBR.dat
    [2012/07/20 10:18:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Raji\Desktop\aswMBR.exe
    [2012/07/20 10:18:09 | 001,552,384 | ---- | M] () -- C:\Users\Raji\Desktop\RogueKiller.exe
    [2012/07/19 14:31:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Raji\Desktop\dds.scr
    [2012/07/19 14:08:57 | 000,302,592 | ---- | M] () -- C:\Users\Raji\Desktop\yibkuwj7.exe
    [2012/07/19 14:00:53 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/19 13:59:48 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raji\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/17 11:23:53 | 003,306,379 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/07/14 16:33:01 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/13 22:03:57 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaji.job
    [2012/07/13 11:21:18 | 000,001,417 | ---- | M] () -- C:\Users\Raji\Desktop\DivX Movies.lnk
    [2012/07/13 11:21:05 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2012/07/12 19:00:24 | 000,397,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/12 15:43:42 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/09 18:13:50 | 001,291,030 | ---- | M] () -- C:\Users\Raji\Desktop\Attachments_2012_07_9.zip
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/21 10:02:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/21 10:02:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/21 10:02:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/21 10:02:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/21 10:02:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/20 21:52:12 | 000,000,512 | ---- | C] () -- C:\Users\Raji\Desktop\MBR.dat
    [2012/07/20 10:18:09 | 001,552,384 | ---- | C] () -- C:\Users\Raji\Desktop\RogueKiller.exe
    [2012/07/19 14:08:56 | 000,302,592 | ---- | C] () -- C:\Users\Raji\Desktop\yibkuwj7.exe
    [2012/07/19 14:00:53 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 11:22:46 | 003,306,379 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/07/14 16:33:01 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/07/13 11:21:18 | 000,001,417 | ---- | C] () -- C:\Users\Raji\Desktop\DivX Movies.lnk
    [2012/07/13 11:21:04 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2012/07/13 10:49:06 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForRaji.job
    [2012/07/09 18:14:02 | 001,291,030 | ---- | C] () -- C:\Users\Raji\Desktop\Attachments_2012_07_9.zip
    [2011/11/29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/11/29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/11/29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/11/29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/11/29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/06/19 22:49:46 | 000,001,940 | ---- | C] () -- C:\Users\Raji\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/08/25 21:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 21:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 21:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/08/25 20:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 20:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2009/11/30 11:05:28 | 000,115,755 | ---- | C] () -- C:\Users\Raji\Invitation0000.pdf
    [2009/11/30 11:05:17 | 000,129,114 | ---- | C] () -- C:\Users\Raji\Invitation_10000.pdf
    [2009/08/27 13:22:22 | 000,000,732 | ---- | C] () -- C:\Users\Raji\AppData\Local\d3d9caps64.dat
    [2009/07/17 10:54:51 | 000,007,052 | ---- | C] () -- C:\Users\Raji\AppData\Local\d3d9caps.dat
    [2009/05/25 18:41:52 | 000,142,848 | ---- | C] () -- C:\Users\Raji\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2010/06/02 19:27:10 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DigitalPersona
    [2010/06/02 19:29:57 | 000,000,000 | ---D | M] -- C:\Users\Guest2\AppData\Roaming\DigitalPersona
    [2009/08/28 14:16:37 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\DigitalPersona
    [2012/02/10 17:07:16 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Babylon
    [2010/05/03 23:09:12 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Big Fish Games
    [2011/07/24 18:54:49 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Canon
    [2012/03/07 19:44:58 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Centra
    [2010/01/13 12:40:34 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/04/24 21:11:23 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\DigitalPersona
    [2012/06/27 16:22:54 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Downloaded Installations
    [2010/05/06 14:46:29 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\ElementalsTheMagicKey
    [2009/07/06 19:48:40 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Encryptomatic, LLC
    [2012/01/24 18:20:03 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\FloodLightGames
    [2012/01/25 17:13:36 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Gamelab
    [2012/05/04 14:42:34 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\GrabPro
    [2009/07/06 19:48:48 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\MessageViewer
    [2009/07/06 20:06:20 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\MessageViewerPro
    [2012/05/06 23:44:38 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\MiniDm
    [2009/07/07 01:35:24 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\MSGView
    [2012/07/09 18:16:11 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Nitro PDF
    [2011/11/28 21:49:46 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\passport_photo
    [2012/01/29 23:11:23 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\PlayFirst
    [2012/03/07 19:46:22 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Saba
    [2012/06/17 14:05:08 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\Samsung
    [2012/05/13 21:42:19 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\SuperPump
    [2012/07/17 11:21:03 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\TestApp
    [2012/07/21 16:53:42 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\uTorrent
    [2012/04/06 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\Raji\AppData\Roaming\wc3270
    [2012/07/21 15:52:26 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/07/21 17:28:00 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EBC5C322-389B-4D04-B305-CD7CDEC3E5F9}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:29159220
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:404D80C3
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D7B5C4CF
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9662AE0
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2
    < End of report >
     
  20. Katie

    Katie TS Rookie Topic Starter Posts: 30

    OTL Extras logfile created on: 7/21/2012 5:22:57 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Raji\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 44.54% Memory free
    8.00 Gb Paging File | 5.98 Gb Available in Paging File | 74.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.85 Gb Total Space | 109.97 Gb Free Space | 38.61% Space Free | Partition Type: NTFS
    Drive D: | 13.24 Gb Total Space | 2.05 Gb Free Space | 15.50% Space Free | Partition Type: NTFS

    Computer Name: RAJI-PC | User Name: Raji | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-879802955-300227825-1068062260-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = A7 BC D7 12 7C EA CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
  21. Katie

    Katie TS Rookie Topic Starter Posts: 30

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{214D949C-82F6-47DC-9A3B-06C8690FDCE4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{287E9E9C-E1B8-4347-BBAB-94263631197B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2D0160FE-01CD-4FC1-837B-9B0AAF6BC2D3}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3414572D-27C2-485D-97F3-691FB5DB8489}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4152C4B9-09CF-4D04-B348-3C93D9408F5D}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8E2E7ABF-26C6-4C77-8738-76A290638DE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8FE9B963-1B99-4E91-B32E-8D0BB45A4B4C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{90583CE4-DC6E-41C5-85FC-888CBD057896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{956BC9FA-D0E8-49A1-97E9-C8EC0361AA5C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9FC76FA5-17D7-4A94-A94E-A5BF0FEFD40D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D538F9DF-8C18-4F64-B43F-741669EFCD24}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{15BFAA47-27DC-497A-A84E-11BA713E232C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{1E3E1F5D-EC77-4843-B60D-6C4FDE4C22C7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{24DEE24E-1EF0-495A-AA97-83942E82C88B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{266668CC-CEB3-4631-A9CF-D6BA290C2727}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{2FE85BBE-3DAB-4983-9BC4-F72372CC0DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{33F25B80-4D79-4A25-8656-488FC9DF6176}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{39AAB840-CE72-4C9B-B9DF-85198DC9E692}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{3A3F17E2-E561-48B6-8105-EE6A11655BA3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{3DFB82D6-5854-4179-832E-21A2189C1B85}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{43BF6015-0E72-4C41-985D-2D9F71727147}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{4565835D-94A6-4C2D-B188-965F0F7DAFF6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4C1D311C-2200-4732-ADF1-FFA74ECDA443}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{546D8844-874E-4B01-9735-4CD8B12E9E67}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62776E55-9918-4829-B506-BFC5827E05CE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{69DA9F39-DD90-4C40-95CF-07E2322C1EEC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{95578EA3-8D0F-4CAB-94A0-B85649422852}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{97A16636-155B-4321-9D5B-55C24A04163B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{99881390-228D-480F-9EF1-C3ED26A8D3EA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{9ECF24A4-6143-426A-9C9E-987FE963EF31}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{ADD640B1-6908-4CBC-BD03-60544779DFB2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
    "{B1029E5B-389A-483C-A063-D4F943D5712A}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{B37C801F-836C-4676-B71E-BFCFD4FFDFD1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{C3E9F6F0-C259-4D5F-A1EB-55E032978824}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{C41AD297-B324-474E-9E83-1F9945E78E3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{C6EC8F78-A38C-4C62-9BCF-96B25F151CAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C7AAA9F1-2F63-40FB-AEAE-79A101D3BBC0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CFC3F906-6606-43C2-818A-416D0199CED8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D450E295-149B-48A5-AC2E-009C51E2988B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{D97B625D-E0FD-4944-8253-94A7E36DAE4D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{DA111B2B-23EE-452D-8B35-2FED53A780B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DB257588-07B2-497F-8910-75EE30022D74}" = protocol=6 | dir=in | app=c:\windows\temp\~os93d6.tmp\rlvknlg.exe |
    "{DC4A4BE9-5F7C-4B6B-9981-D94778E130FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{E78DA84F-6854-46EC-B3BB-AEDE68CD5A48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F4F37300-CAE0-46C6-9B48-1BE3BCCB3A24}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
    "{F648834F-223D-4DA6-A264-6CFEC276D34B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{430D7EE8-29D0-401D-8107-28A0E700D78D}C:\program files (x86)\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dap\dap.exe |
    "TCP Query User{9A211F21-0BA8-4DCF-83B0-F8A16ACE58DC}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "TCP Query User{AE38F17A-617D-4D0B-81D7-53E75010960D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{E5FE0AE1-D529-4BEB-A2B8-5346C32FE6FC}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{14BA4D9F-3A61-42A5-AB75-701BB0063959}C:\program files (x86)\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dap\dap.exe |
    "UDP Query User{5B2CE61C-51A8-4BE8-91EA-D051BC3C5844}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "UDP Query User{778F15B1-A830-4410-8CFF-E69CD6A2B460}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{D7C82FE1-0597-4FC6-A1BF-839B868DCE4F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FC930DA2-760E-4996-B4DA-4BD6560FA666}" = DigitalPersona Personal 4.0
    "07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23E46721-2BD9-4F5B-876E-FC4EEB07019A}" = MessageViewer Lite
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
    "{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3F15E203-BC3E-3597-84CD-EDF99546C917}" = Google Talk Plugin
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{4916DFBD-403B-4707-AA64-294DC082B99F}" = HP Total Care Setup
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{59308225-510C-4492-A7E4-71625FAD545E}" = Simple Adblock
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6F119385-3E06-4C14-ACAB-51312E78BF72}" = Phonico Dialer
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
    "{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
    "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "Ace DivX Player_is1" = Ace DivX Player v2.1
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CentraClient" = Centra Client
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DivX Setup" = DivX Setup
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.39
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "Elementals: The Magic Key™" = Elementals: The Magic Key™
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Kural4.0" = Kural Tamil Software 4.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "N360" = Norton 360
    "NST" = Norton Safe Web Lite
    "Offline_Browser_1.0" = IBMMAINFRAMES.com Online Browser 1.0
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 12.0" = RealPlayer
    "Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "TeamViewer 6" = TeamViewer 6
    "uTorrent" = µTorrent
    "Veoh Web Player Beta" = Veoh Web Player
    "VLC media player" = VLC media player 1.0.2
    "wc3270_is1" = wc3270 3.3.12ga7
    "WildTangent hp Master Uninstall" = My HP Games
    "Yahoo! Messenger" = Yahoo! Messenger
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
     
  22. Katie

    Katie TS Rookie Topic Starter Posts: 30

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-879802955-300227825-1068062260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/21/2011 8:27:36 AM | Computer Name = Raji-PC | Source = HP AdvisorUpdate | ID = 0
    Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
    path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
    share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
    uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
    String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
    XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
    targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
    path) ValidateDocument failed Business\SearchTargets.xml

    Error - 10/22/2011 11:09:58 AM | Computer Name = Raji-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/22/2011 11:11:43 AM | Computer Name = Raji-PC | Source = HP AdvisorUpdate | ID = 0
    Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
    path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
    share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
    uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
    String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
    XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
    targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
    path) ValidateDocument failed Business\SearchTargets.xml

    Error - 10/23/2011 8:41:08 AM | Computer Name = Raji-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/23/2011 8:41:46 AM | Computer Name = Raji-PC | Source = Application Hang | ID = 1002
    Description = The program CNSLMAIN.EXE version 1.4.3.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 3e0 Start Time: 01cc918101fc8c30 Termination Time: 187

    Error - 10/23/2011 8:43:05 AM | Computer Name = Raji-PC | Source = HP AdvisorUpdate | ID = 0
    Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
    path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
    share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
    uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
    String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
    XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
    targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
    path) ValidateDocument failed Business\SearchTargets.xml

    Error - 10/24/2011 10:09:40 AM | Computer Name = Raji-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/24/2011 10:11:44 AM | Computer Name = Raji-PC | Source = HP AdvisorUpdate | ID = 0
    Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
    path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
    share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
    uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
    String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
    XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
    targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
    path) ValidateDocument failed Business\SearchTargets.xml

    Error - 11/1/2011 11:32:40 AM | Computer Name = Raji-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/1/2011 11:34:57 AM | Computer Name = Raji-PC | Source = HP AdvisorUpdate | ID = 0
    Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
    path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
    share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
    uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
    String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
    XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
    targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
    path) ValidateDocument failed Business\SearchTargets.xml

    [ DigitalPersona Pro Events ]
    Error - 8/28/2009 1:03:07 PM | Computer Name = Raji-PC | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 6/2/2010 7:44:45 PM | Computer Name = Raji-PC | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 8/10/2010 10:19:55 AM | Computer Name = Raji-PC | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 8/11/2010 11:02:50 AM | Computer Name = Raji-PC | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 10/7/2010 8:23:55 PM | Computer Name = Raji-PC | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    Error - 5/5/2012 10:21:02 AM | Computer Name = Raji-PC | Source = DigitalPersona Pro | ID = 17827841
    Description = One-to-one fingerprint match failed.

    [ OSession Events ]
    Error - 6/7/2009 3:59:32 PM | Computer Name = Raji-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/15/2012 12:13:28 PM | Computer Name = Raji-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71641
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/21/2012 3:51:08 PM | Computer Name = Raji-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/21/2012 3:52:10 PM | Computer Name = Raji-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/21/2012 3:55:11 PM | Computer Name = Raji-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 7/21/2012 3:57:21 PM | Computer Name = Raji-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/21/2012 3:58:02 PM | Computer Name = Raji-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/21/2012 3:58:27 PM | Computer Name = Raji-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&00E4)
    disappeared from the system without first being prepared for removal.

    Error - 7/21/2012 3:58:27 PM | Computer Name = Raji-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4)
    disappeared from the system without first being prepared for removal.

    Error - 7/21/2012 3:58:27 PM | Computer Name = Raji-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4)
    disappeared from the system without first being prepared for removal.

    Error - 7/21/2012 3:58:27 PM | Computer Name = Raji-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4)
    disappeared from the system without first being prepared for removal.

    Error - 7/21/2012 3:58:59 PM | Computer Name = Raji-PC | Source = Service Control Manager | ID = 7011
    Description =


    < End of report >
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    See here: http://forums.techguy.org/general-security/975873-solved-security-alert-when-starting.html

    ==========================================

    Uninstall McAfee Security Scan, typical foistware.

    ========================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:29159220
      @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:404D80C3
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D7B5C4CF
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9662AE0
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
      @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  24. Katie

    Katie TS Rookie Topic Starter Posts: 30

    I turned off the security alert. I uninstalled McAfee Security Scan.
    Here are the OTL, Security Check, FSS logs. I couldnot complete Eset Online Scanner. It says Unexpected error 2002.
     
  25. Katie

    Katie TS Rookie Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\ProgramData\Temp:29159220 deleted successfully.
    ADS C:\ProgramData\Temp:404D80C3 deleted successfully.
    ADS C:\ProgramData\Temp:D7B5C4CF deleted successfully.
    ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
    ADS C:\ProgramData\Temp:A9662AE0 deleted successfully.
    ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
    ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: Guest2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 804 bytes
    ->Java cache emptied: 11440404 bytes
    ->Google Chrome cache emptied: 357711620 bytes
    ->Flash cache emptied: 16017 bytes

    User: Nathan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 804 bytes
    ->Flash cache emptied: 731 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Raji
    ->Temp folder emptied: 1011718 bytes
    ->Temporary Internet Files folder emptied: 73038696 bytes
    ->Java cache emptied: 218318 bytes
    ->Google Chrome cache emptied: 355027278 bytes
    ->Flash cache emptied: 36430 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 762.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Guest2
    ->Java cache emptied: 0 bytes

    User: Nathan

    User: Public

    User: Raji
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Guest2
    ->Flash cache emptied: 0 bytes

    User: Nathan
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Raji
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07222012_112938
    Files\Folders moved on Reboot...
    C:\Users\Raji\AppData\Local\Temp\ehmsas.txt moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\Raji\AppData\Local\Temp\ehmsas.txt not found!
    Registry entries deleted on Reboot...
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...