TechSpot

Help needed with Google Redirector

By moonbeams116
Sep 5, 2011
  1. Have apparently gotten the Google Redirector and am trying to remove it but am not really finding the typical traces so am asking for help. Have followed the 6 step and the logs follow:

    1. Microsoft Security Essentials is my normal virus protection and is updated and full scan finds nothing

    2. Downloaded and updated MBAM. First scan log follows:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7655

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    9/5/2011 10:49:56 AM
    mbam-log-2011-09-05 (10-49-56).txt

    Scan type: Quick scan
    Objects scanned: 159034
    Time elapsed: 5 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>MBAM end<<<<<<<<<<<<<<<<<<<<<<<

    Second run (after allowing it to remove above item)

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7655

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    9/5/2011 11:17:45 AM
    mbam-log-2011-09-05 (11-17-45).txt

    Scan type: Quick scan
    Objects scanned: 158609
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    <<<<<<<<<<<<<<<<<<<<<<<<<<MBAM end>>>>>>>>>>>>>>>>>>>>>

    GMER LOG

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-05 11:53:05
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
    Running: test.exe; Driver: C:\Users\suzie\AppData\Local\Temp\uglyrpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 82C8D349 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC6D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1916] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1916] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[1916] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A12437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749F5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749F56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A124B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A08514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A04CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A0506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A05144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74A06671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A0826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A087BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A0901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A0E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A04BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3452] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3452] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3452] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75ECFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
    <<<<<<<<<<<<<<<<<<<GMER END>>>>>>>>>>>>>>>>>>>>>>>>>

    DDS Logs:
    DDS TXT

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by suzie at 11:54:25 on 2011-09-05
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2038.1018 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\RtkAudioService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\Scrybe\scrybe.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: {08a1a2dc-af97-48a4-baf2-4316ccf6e357} - c:\windows\system32\wscui32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [{E0309EC2-E9F5-4B5E-BB2E-4A118073BD2A}Update] c:\users\suzie\appdata\local\{e0309ec2-e9f5-4b5e-bb2e-4a118073bd2a}\{e0309ec2-e9f5-4b5e-bb2e-4a118073bd2a}update\{E0309EC2-E9F5-4B5E-BB2E-4A118073BD2A}updt32.exe
    uRun: [DirectxServiceVerifier] rundll32.exe "c:\programdata\DirectxServiceVerifier.dll",DllRegisterServer
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scrybe.lnk - c:\windows\installer\{147dfad8-34c3-4de1-9fca-acefde9ef810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.10.8 208.67.222.222 208.67.220.220
    TCP: Interfaces\{87C53C4F-D790-4F45-A120-FBE84E52FF8A} : DhcpNameServer = 192.168.10.8 208.67.222.222 208.67.220.220
    TCP: Interfaces\{87C53C4F-D790-4F45-A120-FBE84E52FF8A}\05861627D61636971212 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{87C53C4F-D790-4F45-A120-FBE84E52FF8A}\4596473702D436745656 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{87C53C4F-D790-4F45-A120-FBE84E52FF8A}\E4544574541425 : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{973D2AF0-99E3-4E39-A034-36175B6EC7F8} : DhcpNameServer = 72.214.195.244 68.105.28.16
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\suzie\appdata\roaming\mozilla\firefox\profiles\dk4y0l7q.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl9715c13d;MpKsl9715c13d;c:\programdata\microsoft\microsoft antimalware\definition updates\{0f5a9143-73d0-4fe9-8dfc-8bfd8b765ffd}\MpKsl9715c13d.sys [2011-9-5 28752]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-5 366640]
    R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2010-8-19 299008]
    R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2010-8-19 104992]
    R2 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-5 22712]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-7-25 9344]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-2 15872]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-23 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-09-05 14:52:10 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0f5a9143-73d0-4fe9-8dfc-8bfd8b765ffd}\MpKsl9715c13d.sys
    2011-09-05 14:42:43 -------- d-----w- c:\users\suzie\appdata\roaming\Malwarebytes
    2011-09-05 14:42:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-05 14:42:33 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-05 14:42:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-05 14:42:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-05 12:42:25 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0f5a9143-73d0-4fe9-8dfc-8bfd8b765ffd}\mpengine.dll
    2011-09-05 12:40:07 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-09-05 12:40:07 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-09-05 12:40:07 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-09-05 12:40:06 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-09-05 12:40:06 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-09-05 12:40:06 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-09-05 12:40:06 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-09-05 12:40:06 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-09-05 12:40:06 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-09-05 12:38:42 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-09-05 12:37:29 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-09-05 01:24:15 -------- d-----w- c:\windows\system32\SPReview
    2011-09-05 01:22:46 -------- d-----w- c:\windows\system32\EventProviders
    2011-09-04 22:54:34 68608 ----a-w- c:\programdata\DirectxServiceVerifier.dll
    2011-08-24 02:27:36 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-11 21:38:06 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2011-08-11 21:37:56 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3edf8ec1-484b-4edf-bab2-ed3af075fe56}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2011-09-05 01:36:45 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
    2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 11:55:40.15 ===============
    <<<<<<<<<<<<<DDS TXT END>>>>>>>>>>>>>>>>>
    <<<<<<<<<<<<<ATTACH.TXT >>>>>>>>>>>>>>>>>>
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/19/2010 8:08:56 PM
    System Uptime: 9/5/2011 10:51:45 AM (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | N/A | 792/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 201.967 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description:
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#TYS9MNFB&0#
    Manufacturer:
    Name: E:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#TYS9MNFB&0#
    Service: WUDFRd
    .
    Class GUID:
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_902D104D&REV_00\4&23979A68&0&1AF0
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_902D104D&REV_00\4&23979A68&0&1AF0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP326: 9/4/2011 9:24:03 PM - Windows 7 Service Pack 1
    RP327: 9/4/2011 10:06:14 PM - Installed Java(TM) 6 Update 26
    RP328: 9/5/2011 8:35:04 AM - Windows Update
    RP329: 9/5/2011 8:40:20 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    Apple Software Update
    Canon MP Navigator EX 1.0
    Canon MP470 series
    Canon MP470 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    D3DX10
    Foxit Creator
    Foxit Reader
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Mozilla Firefox 6.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OGA Notifier 2.0.0048.0
    QuickTime
    Realtek High Definition Audio Driver
    ScanSoft OmniPage SE 4
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sony Download Taxi 1.5.0.0
    Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    VAIO Event Service
    VAIO Help and Support
    VAIO Smart Network
    Windows Driver Package - Sony Corporation (SFEP) HIDClass (05/21/2009 8.0.1.1)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/5/2011 9:54:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/5/2011 9:52:08 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{87C53C4F-D790-4F45-A120-FBE84E52FF8A} because another computer on the network has the same name. The server could not start.
    9/5/2011 10:52:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/5/2011 10:40:13 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/5/2011 10:02:11 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 10:02:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/5/2011 10:02:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/5/2011 10:02:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/5/2011 10:02:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/5/2011 10:02:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/5/2011 10:02:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 10:01:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2011 9:59:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/4/2011 9:57:14 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/3859000047/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    9/4/2011 9:57:14 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    9/4/2011 9:55:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/4/2011 8:42:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.1449.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/4/2011 8:15:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.1425.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/4/2011 8:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.1425.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/3/2011 8:09:29 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/2/2011 4:09:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/1/2011 2:12:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/31/2011 6:22:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/30/2011 12:47:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    8/29/2011 12:27:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.925.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    .
    ==== End Of File ===========================
    <<<<<<<<<<<<<<<<<<<<<<Attach.txt End>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    After this I re-enabled MSE and reconnected to the internet. Tried both Firefox and IE9 and both exhibit Google redirect issue.

    HELP and thanks in advance

    S
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. moonbeams116

    moonbeams116 TS Rookie Topic Starter

    Thanks for the warm welcome and the FAST response...appreciate it muchly...

    Here's the log from aswMBR followed by the Combofix.txt file....

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-05 13:24:01
    -----------------------------
    13:24:01.580 OS Version: Windows 6.1.7601 Service Pack 1
    13:24:01.581 Number of processors: 2 586 0xF0D
    13:24:01.584 ComputerName: SUZIE-LAPTOP UserName: suzie
    13:24:02.934 Initialize success
    13:27:49.282 AVAST engine defs: 11090500
    13:29:10.248 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    13:29:10.253 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
    13:29:10.766 Disk 0 MBR read successfully
    13:29:10.770 Disk 0 MBR scan
    13:29:10.778 Disk 0 Windows 7 default MBR code
    13:29:11.173 Disk 0 scanning sectors +488394752
    13:29:11.649 Disk 0 scanning C:\Windows\system32\drivers
    13:30:51.748 Service scanning
    13:30:52.443 Service MpKslc5971504 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B4DA278-F194-4B1E-9717-B8D2155493BE}\MpKslc5971504.sys **LOCKED** 32
    13:30:52.458 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    13:30:53.336 Modules scanning
    13:33:28.126 Disk 0 trace - called modules:
    13:33:28.207
    13:33:29.733 AVAST engine scan C:\Windows
    13:35:10.839 AVAST engine scan C:\Windows\system32
    13:44:27.667 AVAST engine scan C:\Windows\system32\drivers
    13:44:55.640 AVAST engine scan C:\Users\suzie
    13:57:24.351 AVAST engine scan C:\ProgramData
    13:58:15.266 Scan finished successfully
    13:59:50.063 Disk 0 MBR has been saved successfully to "C:\Users\suzie\Desktop\MBR.dat"
    13:59:50.275 The log file has been saved successfully to "C:\Users\suzie\Desktop\aswMBR.txt"

    <<<<<<<<<<<<<<<<<<<<END OF aswMBR.TXT>>>>>>>>>>>>>>>>>>

    COMBOFIX.TXT

    ComboFix 11-09-05.04 - suzie 09/05/2011 14:05:48.1.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2038.1112 [GMT -4:00]
    Running from: c:\users\suzie\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\DirectxServiceVerifier.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-05 18:14 . 2011-09-05 18:14 -------- d-----w- c:\users\suzie\AppData\Local\temp
    2011-09-05 18:14 . 2011-09-05 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-05 16:08 . 2011-09-05 16:08 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B4DA278-F194-4B1E-9717-B8D2155493BE}\MpKslc5971504.sys
    2011-09-05 16:08 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B4DA278-F194-4B1E-9717-B8D2155493BE}\mpengine.dll
    2011-09-05 14:42 . 2011-09-05 14:42 -------- d-----w- c:\users\suzie\AppData\Roaming\Malwarebytes
    2011-09-05 14:42 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-05 14:42 . 2011-09-05 14:42 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-05 14:42 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-05 14:42 . 2011-09-05 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-05 12:40 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-09-05 12:40 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-09-05 12:40 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-09-05 12:40 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-09-05 12:40 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-09-05 12:40 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-09-05 12:40 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-09-05 12:40 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-09-05 12:40 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-09-05 12:38 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-09-05 12:37 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-09-05 02:08 . 2011-09-05 02:08 -------- d-----w- c:\program files\Common Files\Java
    2011-09-05 01:24 . 2011-09-05 01:24 -------- d-----w- c:\windows\system32\SPReview
    2011-09-05 01:22 . 2011-09-05 01:22 -------- d-----w- c:\windows\system32\EventProviders
    2011-08-24 02:27 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-11 21:38 . 2011-07-04 11:24 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-08-11 21:37 . 2011-07-04 11:24 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EDF8EC1-484B-4EDF-BAB2-ED3AF075FE56}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-05 01:36 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-08-12 02:44 . 2011-07-06 19:02 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-06-11 02:29 . 2011-07-13 14:27 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-08-30 22:59 . 2011-09-05 16:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-05 262144]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2009-07-23 6295552]
    "Skytel"="Skytel.exe" [2009-07-23 1826816]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-8-1 45056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-07-14 15:15 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-23 1343400]
    S1 MpKslc5971504;MpKslc5971504;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B4DA278-F194-4B1E-9717-B8D2155493BE}\MpKslc5971504.sys [2011-09-05 28752]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-11-03 299008]
    S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2009-07-23 104992]
    S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-07-26 9344]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MPKSLC5971504
    *Deregistered* - aswMBR
    *Deregistered* - MBAMSwissArmy
    *Deregistered* - uglyrpow
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.10.8 208.67.222.222 208.67.220.220
    TCP: Interfaces\{87C53C4F-D790-4F45-A120-FBE84E52FF8A}\E4544574541425: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\suzie\AppData\Roaming\Mozilla\Firefox\Profiles\dk4y0l7q.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{08A1A2DC-AF97-48A4-BAF2-4316CCF6E357} - c:\windows\system32\wscui32.dll
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-{E0309EC2-E9F5-4B5E-BB2E-4A118073BD2A}Update - c:\users\suzie\AppData\Local\{E0309EC2-E9F5-4B5E-BB2E-4A118073BD2A}\{E0309EC2-E9F5-4B5E-BB2E-4A118073BD2A}Update\{E0309EC2-E9F5-4B5E-BB2E-4A118073BD2A}updt32.exe
    HKCU-Run-DirectxServiceVerifier - c:\programdata\DirectxServiceVerifier.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-09-05 14:16:43
    ComboFix-quarantined-files.txt 2011-09-05 18:16
    .
    Pre-Run: 216,696,897,536 bytes free
    Post-Run: 216,464,080,896 bytes free
    .
    - - End Of File - - 3D4B22E7D00B3DBECB5DBE371545D99C

    <<<<<<<<<<<<<<<<<<<<<<<END OF COMBOFIX.TXT>>>>>>>>>>>>>>>>
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks clean.

    Still redirected?

    If so, which browser?
     
  5. moonbeams116

    moonbeams116 TS Rookie Topic Starter

    WOOHOO....i tried both Firefox 6.0.1 (my default browser) and IE9 which I just upgraded to, and they're both working normally now...It looks like it may be fixed.

    I'll continue to try it and will let you know but for now I think it's fixed...

    By the way...is there any indication where this is coming from? I noticed there are a few new threads on the forum with this same problem starting the end of last week. Is this a new attack/variant that the AVS' have not yet caught up with?

    Thanks so much for your help and I really appreciate it...

    S.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    It's always hard to really pinpoint the culprit, but I'm glad to hear good news.

    We'll run couple more scans, just to make sure...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. moonbeams116

    moonbeams116 TS Rookie Topic Starter

    OTL.TXT content:

    OTL logfile created on: 9/5/2011 3:49:26 PM - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\suzie\Desktop
    Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.26% Memory free
    3.98 Gb Paging File | 3.04 Gb Available in Paging File | 76.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.79 Gb Total Space | 201.23 Gb Free Space | 86.45% Space Free | Partition Type: NTFS

    Computer Name: SUZIE-LAPTOP | User Name: Suzie-ADMIN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/05 15:46:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\suzie\Desktop\OTL.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
    PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/23 14:42:52 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
    PRC - [2009/07/14 11:15:10 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2009/07/14 11:15:08 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2008/11/05 08:32:40 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
    PRC - [2008/11/03 16:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
    PRC - [2007/04/03 21:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
    MOD - [2010/08/10 01:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/08/23 11:32:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/23 14:42:52 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
    SRV - [2009/07/14 11:15:10 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/11/03 16:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/05 15:39:28 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{254A42A6-42EC-4CBE-88AB-3F94A3CCA553}\MpKsld7c0c8f2.sys -- (MpKsld7c0c8f2)
    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/07/25 22:20:50 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2010/05/28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
    DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC A2 A1 08 97 AF A4 48 BA F2 43 16 CC F6 E3 57 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC A2 A1 08 97 AF A4 48 BA F2 43 16 CC F6 E3 57 [binary data]

    IE - HKU\S-1-5-21-2650750833-1674276335-2823952790-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2650750833-1674276335-2823952790-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2650750833-1674276335-2823952790-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 D8 60 F8 FF 6B CC 01 [binary data]
    IE - HKU\S-1-5-21-2650750833-1674276335-2823952790-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC A2 A1 08 97 AF A4 48 BA F2 43 16 CC F6 E3 57 [binary data]
    IE - HKU\S-1-5-21-2650750833-1674276335-2823952790-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/05 12:07:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 09:58:02 | 000,000,000 | ---D | M]

    [2011/09/05 12:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/26 00:03:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/12 11:12:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/09/04 22:08:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/08/30 18:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/08/23 19:39:18 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2011/08/30 15:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/09/05 14:14:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-21-2650750833-1674276335-2823952790-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
    O4 - HKU\S-1-5-21-2650750833-1674276335-2823952790-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
    O4 - HKU\S-1-5-21-2650750833-1674276335-2823952790-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\All Users\Apple [2010/11/08 11:29:28 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Apple Computer [2011/04/10 13:05:00 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\CanonBJ [2010/08/23 11:13:52 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Documents [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\ezsidmv.dat ()
    O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Hewlett-Packard [2010/09/11 16:08:17 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\InstallShield [2010/10/10 18:33:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Malwarebytes [2011/09/05 10:42:33 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Microsoft [2011/09/04 23:27:31 | 000,000,000 | --SD | M]
    O4 - Startup: C:\Users\All Users\Microsoft Help [2011/09/05 08:44:27 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/10/09 14:21:40 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ScanSoft [2010/10/10 18:32:57 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Skype [2011/07/23 07:56:02 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Sun [2010/08/26 00:03:44 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Synaptics [2011/08/01 14:00:48 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\TEMP [2010/08/31 18:13:16 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Templates [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/11/08 11:32:44 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\AppData [2009/07/13 22:37:05 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\Default\Application Data [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Desktop [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Documents [2009/07/14 00:53:55 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Downloads [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Favorites [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Links [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Music [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\My Documents [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\NetHood [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\NTUSER.DAT ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Default\Pictures [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Recent [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Saved Games [2009/07/13 22:04:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\SendTo [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Templates [2009/07/14 00:53:55 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Videos [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\AppData [2011/09/05 14:16:46 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Public\Desktop [2011/09/05 15:28:09 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Documents [2009/07/14 00:53:55 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Downloads [2009/07/14 00:41:57 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Favorites [2009/07/13 22:04:25 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Libraries [2010/08/19 21:45:07 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Music [2009/07/14 00:41:57 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Pictures [2009/07/14 00:41:57 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Recorded TV [2010/09/19 20:13:31 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Videos [2009/07/14 00:41:57 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\.recently-used.xbel ()
    O4 - Startup: C:\Users\suzie\AppData [2010/08/19 20:09:04 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\suzie\Application Data [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\Contacts [2011/09/04 22:00:07 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\Cookies [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\Desktop [2011/09/05 15:46:24 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\My Documents [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\Downloads [2011/09/05 14:00:31 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\Favorites [2011/09/04 22:00:07 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\Links [2011/09/04 22:00:07 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\Local Settings [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\Music [2011/09/04 22:00:07 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\My Documents [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\NetHood [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\NTUSER.DAT ()
    O4 - Startup: C:\Users\suzie\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\suzie\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\suzie\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
    O4 - Startup: C:\Users\suzie\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\suzie\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\suzie\NTUSER.DAT{8e3c1a66-880e-11e0-b948-001a801ec62d}.TM.blf ()
    O4 - Startup: C:\Users\suzie\NTUSER.DAT{8e3c1a66-880e-11e0-b948-001a801ec62d}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\suzie\NTUSER.DAT{8e3c1a66-880e-11e0-b948-001a801ec62d}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\suzie\ntuser.ini ()
    O4 - Startup: C:\Users\suzie\Office Genuine Advantage [2010/10/09 14:21:39 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\suzie\Pictures [2011/09/04 22:00:07 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\PrintHood [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\Recent [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\Saved Games [2011/09/04 22:00:07 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\Searches [2011/09/04 22:00:07 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\suzie\SendTo [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\Start Menu [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\Templates [2010/08/19 20:09:04 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\suzie\Videos [2011/09/04 22:00:07 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\AppData [2011/09/05 15:38:08 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Application Data [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Cookies [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Desktop [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Documents [2011/09/05 15:38:07 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Downloads [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Favorites [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Links [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Local Settings [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Music [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\My Documents [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\NetHood [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\NTUSER.DAT ()
    O4 - Startup: C:\Users\Suzie-ADMIN\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\Suzie-ADMIN\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\Suzie-ADMIN\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
    O4 - Startup: C:\Users\Suzie-ADMIN\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Suzie-ADMIN\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Suzie-ADMIN\ntuser.ini ()
    O4 - Startup: C:\Users\Suzie-ADMIN\Pictures [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\PrintHood [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Recent [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Saved Games [2009/07/13 22:04:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\SendTo [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Start Menu [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Templates [2011/09/05 15:38:07 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Suzie-ADMIN\Videos [2009/07/13 22:04:25 | 000,000,000 | R--D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-2650750833-1674276335-2823952790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.8 208.67.222.222 208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87C53C4F-D790-4F45-A120-FBE84E52FF8A}: DhcpNameServer = 192.168.10.8 208.67.222.222 208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{973D2AF0-99E3-4E39-A034-36175B6EC7F8}: DhcpNameServer = 72.214.195.244 68.105.28.16
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/05 15:38:07 | 000,000,000 | R--D | C] -- C:\Users\Suzie-ADMIN\Videos
    [2011/09/05 15:38:07 | 000,000,000 | R--D | C] -- C:\Users\Suzie-ADMIN\Pictures
    [2011/09/05 15:38:07 | 000,000,000 | R--D | C] -- C:\Users\Suzie-ADMIN\Music
    [2011/09/05 15:38:07 | 000,000,000 | R--D | C] -- C:\Users\Suzie-ADMIN\Links
    [2011/09/05 15:38:07 | 000,000,000 | R--D | C] -- C:\Users\Suzie-ADMIN\Favorites
    [2011/09/05 15:38:07 | 000,000,000 | R--D | C] -- C:\Users\Suzie-ADMIN\Downloads
    [2011/09/05 15:38:07 | 000,000,000 | R--D | C] -- C:\Users\Suzie-ADMIN\Documents
    [2011/09/05 15:38:07 | 000,000,000 | R--D | C] -- C:\Users\Suzie-ADMIN\Desktop
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\Templates
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\Start Menu
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\SendTo
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\Recent
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\PrintHood
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\NetHood
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\My Documents
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\Local Settings
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\Cookies
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | C] -- C:\Users\Suzie-ADMIN\Application Data
    [2011/09/05 15:38:07 | 000,000,000 | -H-D | C] -- C:\Users\Suzie-ADMIN\AppData
    [2011/09/05 15:38:07 | 000,000,000 | ---D | C] -- C:\Users\Suzie-ADMIN\Saved Games
    [2011/09/05 14:16:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/09/05 14:16:54 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
    [2011/09/05 14:04:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/05 14:04:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/05 14:04:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/05 14:04:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/05 14:04:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/05 14:04:00 | 000,000,000 | ---D | C] -- \Qoobox
    [2011/09/05 10:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/09/04 22:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/09/04 21:24:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2011/09/04 21:22:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

    ========== Files - Modified Within 30 Days ==========

    [2011/09/05 15:46:41 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/05 15:46:41 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/05 15:43:47 | 000,617,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/09/05 15:43:47 | 000,104,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/09/05 15:39:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/05 15:39:18 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/05 14:14:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/09/05 12:08:00 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/09/05 09:54:19 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/09/04 21:46:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

    ========== Files Created - No Company Name ==========

    [2011/09/05 15:38:07 | 000,000,290 | ---- | C] () -- C:\Users\Suzie-ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/09/05 15:38:07 | 000,000,272 | ---- | C] () -- C:\Users\Suzie-ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/09/05 14:04:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/05 14:04:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/05 14:04:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/05 14:04:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/05 14:04:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/05 12:08:00 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/09/05 12:08:00 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/09/04 21:46:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/07/02 11:56:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/07/02 11:56:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/05/13 16:51:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/10 18:33:07 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2010/08/19 23:03:38 | 1603,084,288 | -HS- | C] () -- \hiberfil.sys
    [2010/08/19 21:55:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2010/08/19 20:17:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2009/09/23 19:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 00:33:53 | 000,409,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 22:05:48 | 000,617,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 22:05:48 | 000,104,702 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 22:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
    [2009/07/13 22:04:04 | 000,000,010 | ---- | C] () -- \config.sys
    [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
    [2010/08/23 11:13:52 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
    [2010/10/10 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\All Users\ScanSoft
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
    [2011/08/01 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\Synaptics
    [2010/08/31 18:13:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
    [2010/11/08 11:32:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/07/13 22:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
    [2009/07/14 00:53:55 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
    [2009/07/13 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
    [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
    [2011/09/05 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
    [2011/09/05 15:28:09 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
    [2009/07/14 00:53:55 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
    [2009/07/14 00:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
    [2009/07/13 22:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
    [2010/08/19 21:45:07 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
    [2009/07/14 00:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
    [2009/07/14 00:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
    [2010/09/19 20:13:31 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
    [2009/07/14 00:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
    [2010/08/19 20:09:04 | 000,000,000 | -H-D | M] -- C:\Users\suzie\AppData
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\Application Data
    [2011/09/04 22:00:07 | 000,000,000 | R--D | M] -- C:\Users\suzie\Contacts
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\Cookies
    [2011/09/05 15:46:24 | 000,000,000 | R--D | M] -- C:\Users\suzie\Desktop
    [2011/09/04 22:00:07 | 000,000,000 | R--D | M] -- C:\Users\suzie\Documents
    [2011/09/05 14:00:31 | 000,000,000 | R--D | M] -- C:\Users\suzie\Downloads
    [2011/09/04 22:00:07 | 000,000,000 | R--D | M] -- C:\Users\suzie\Favorites
    [2011/09/04 22:00:07 | 000,000,000 | R--D | M] -- C:\Users\suzie\Links
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\Local Settings
    [2011/09/04 22:00:07 | 000,000,000 | R--D | M] -- C:\Users\suzie\Music
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\My Documents
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\NetHood
    [2011/09/04 22:00:07 | 000,000,000 | R--D | M] -- C:\Users\suzie\Pictures
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\PrintHood
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\Recent
    [2011/09/04 22:00:07 | 000,000,000 | R--D | M] -- C:\Users\suzie\Saved Games
    [2011/09/04 22:00:07 | 000,000,000 | R--D | M] -- C:\Users\suzie\Searches
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\SendTo
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\Start Menu
    [2010/08/19 20:09:04 | 000,000,000 | -HSD | M] -- C:\Users\suzie\Templates
    [2011/09/04 22:00:07 | 000,000,000 | R--D | M] -- C:\Users\suzie\Videos
    [2011/09/05 15:38:08 | 000,000,000 | -H-D | M] -- C:\Users\Suzie-ADMIN\AppData
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\Application Data
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\Cookies
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Suzie-ADMIN\Desktop
    [2011/09/05 15:38:07 | 000,000,000 | R--D | M] -- C:\Users\Suzie-ADMIN\Documents
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Suzie-ADMIN\Downloads
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Suzie-ADMIN\Favorites
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Suzie-ADMIN\Links
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\Local Settings
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Suzie-ADMIN\Music
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\My Documents
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\NetHood
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Suzie-ADMIN\Pictures
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\PrintHood
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\Recent
    [2009/07/13 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Suzie-ADMIN\Saved Games
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\SendTo
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\Start Menu
    [2011/09/05 15:38:07 | 000,000,000 | -HSD | M] -- C:\Users\Suzie-ADMIN\Templates
    [2009/07/13 22:04:25 | 000,000,000 | R--D | M] -- C:\Users\Suzie-ADMIN\Videos
    [2011/07/26 09:47:17 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/09/05 14:16:44 | 000,010,456 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/09/05 15:39:18 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/05 15:39:21 | 2137,448,448 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/19 20:17:04 | 000,000,520 | ---- | M] () -- C:\RHDSetup.log
    [2011/09/04 23:20:33 | 000,132,846 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_04.09.2011_23.15.11_log.txt
    [2011/09/05 00:26:36 | 000,067,496 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_05.09.2011_00.21.29_log.txt
    [2011/09/05 10:03:11 | 000,067,082 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_05.09.2011_10.02.47_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 21:15:05 | 000,071,168 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL
    [2007/04/02 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD8U.DLL
    [2007/04/02 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP8U.DLL
    [2009/07/13 21:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
    [2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2010/11/20 08:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/14 00:37:42 | 000,000,146 | -HS- | M] () -- C:\Users\Suzie-ADMIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/09/04 21:56:42 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/09/04 21:56:42 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/09/04 21:56:42 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/09/04 21:56:42 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/09/04 21:56:42 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/09/04 21:56:42 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 141 bytes -> C:\Users\All Users\TEMP:4220A65C
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4220A65C

    < End of report >

    <<<<<<<<<<<<<<<<<<<<<<<<END of OTL.TXT>>>>>>>>>>>>>>>>>>>>>>>>>>>


    Extras.txt will follow in next message:

    Thanks
     
  8. moonbeams116

    moonbeams116 TS Rookie Topic Starter

    Extras.TXT contents:

    OTL Extras logfile created on: 9/5/2011 3:49:26 PM - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\suzie\Desktop
    Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.26% Memory free
    3.98 Gb Paging File | 3.04 Gb Available in Paging File | 76.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.79 Gb Total Space | 201.23 Gb Free Space | 86.45% Space Free | Partition Type: NTFS

    Computer Name: SUZIE-LAPTOP | User Name: Suzie-ADMIN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2650750833-1674276335-2823952790-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
    "{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support
    "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "14405F5FB42536F84680E6382D018B93D673233A" = Windows Driver Package - Sony Corporation (SFEP) HIDClass (05/21/2009 8.0.1.1)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Canon MP470 series User Registration" = Canon MP470 series User Registration
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Foxit Creator" = Foxit Creator
    "Foxit Reader" = Foxit Reader
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TVWiz" = Intel(R) TV Wizard
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/5/2011 10:05:30 AM | Computer Name = suzie-laptop | Source = PerfNet | ID = 2002
    Description =

    Error - 9/5/2011 10:31:09 AM | Computer Name = suzie-laptop | Source = PerfNet | ID = 2004
    Description =

    Error - 9/5/2011 10:31:09 AM | Computer Name = suzie-laptop | Source = PerfNet | ID = 2002
    Description =

    Error - 9/5/2011 10:43:55 AM | Computer Name = suzie-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/5/2011 10:43:56 AM | Computer Name = suzie-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/5/2011 2:44:30 PM | Computer Name = suzie-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/5/2011 2:47:50 PM | Computer Name = suzie-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/5/2011 2:47:50 PM | Computer Name = suzie-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/5/2011 2:48:29 PM | Computer Name = suzie-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/5/2011 2:48:32 PM | Computer Name = suzie-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Media Center Events ]
    Error - 12/2/2010 12:45:39 AM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 11:45:38 PM - Error connecting to the internet. 11:45:38 PM - Unable
    to contact server..

    Error - 1/21/2011 2:34:19 PM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 1:34:18 PM - Error connecting to the internet. 1:34:18 PM - Unable
    to contact server..

    Error - 3/30/2011 8:27:24 AM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 8:27:24 AM - Error connecting to the internet. 8:27:24 AM - Unable
    to contact server..

    Error - 3/30/2011 8:27:31 AM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 8:27:29 AM - Error connecting to the internet. 8:27:29 AM - Unable
    to contact server..

    Error - 4/10/2011 12:49:24 PM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 12:49:24 PM - Error connecting to the internet. 12:49:24 PM - Unable
    to contact server..

    Error - 5/8/2011 10:42:58 AM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 10:42:49 AM - Error connecting to the internet. 10:42:57 AM - Unable
    to contact server..

    Error - 7/13/2011 4:06:12 PM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 4:06:12 PM - Error connecting to the internet. 4:06:12 PM - Unable
    to contact server..

    Error - 7/13/2011 4:06:20 PM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 4:06:17 PM - Error connecting to the internet. 4:06:17 PM - Unable
    to contact server..

    Error - 7/28/2011 10:38:35 AM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 10:38:35 AM - Error connecting to the internet. 10:38:35 AM - Unable
    to contact server..

    Error - 8/19/2011 7:25:14 AM | Computer Name = suzie-laptop | Source = MCUpdate | ID = 0
    Description = 7:25:14 AM - Error connecting to the internet. 7:25:14 AM - Unable
    to contact server..

    [ OSession Events ]
    Error - 2/22/2011 8:48:25 PM | Computer Name = suzie-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26321
    seconds with 8880 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 5/23/2011 5:07:34 PM | Computer Name = suzie-laptop | Source = DCOM | ID = 10010
    Description =

    Error - 5/25/2011 6:02:41 PM | Computer Name = suzie-laptop | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.105.394.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 5/26/2011 11:08:24 PM | Computer Name = suzie-laptop | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 10:03:14 PM on ?5/?26/?2011 was unexpected.

    Error - 5/30/2011 2:04:26 PM | Computer Name = suzie-laptop | Source = DCOM | ID = 10010
    Description =

    Error - 5/31/2011 7:39:26 PM | Computer Name = suzie-laptop | Source = DCOM | ID = 10010
    Description =

    Error - 5/31/2011 8:22:08 PM | Computer Name = suzie-laptop | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 6/1/2011 11:48:32 PM | Computer Name = suzie-laptop | Source = DCOM | ID = 10010
    Description =

    Error - 6/1/2011 11:49:06 PM | Computer Name = suzie-laptop | Source = DCOM | ID = 10010
    Description =

    Error - 6/1/2011 11:49:06 PM | Computer Name = suzie-laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80080005: Update for Windows 7 (KB2534366).

    Error - 6/2/2011 10:41:07 AM | Computer Name = suzie-laptop | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >


    Thanks Again...

    S
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      @Alternate Data Stream - 141 bytes -> C:\Users\All Users\TEMP:4220A65C
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4220A65C
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  10. moonbeams116

    moonbeams116 TS Rookie Topic Starter

    OTL Log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    ADS C:\Users\All Users\TEMP:4220A65C deleted successfully.
    Unable to delete ADS C:\ProgramData\TEMP:4220A65C .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: suzie
    ->Temp folder emptied: 116017 bytes
    ->Temporary Internet Files folder emptied: 83581988 bytes
    ->Java cache emptied: 2135375 bytes
    ->FireFox cache emptied: 68504858 bytes
    ->Flash cache emptied: 167643 bytes

    User: Suzie-ADMIN
    ->Temp folder emptied: 190317 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 13209090 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 540250 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 161.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: suzie
    ->Flash cache emptied: 0 bytes

    User: Suzie-ADMIN
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.27.0 log created on 09052011_174024

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    <<<<<<<<<<<<<<<<<<<<<end of OTL Log>>>>>>>>>>>>>>>>>>>>>>>>>>


    Security Check Log:

    Results of screen317's Security Check version 0.99.7
    Windows 7 Service Pack 1 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 27
    Out of date Java installed!
    Adobe Flash Player 10.1.82.76
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````


    <<<<<<<<<<<<<<<<end of Security Check log>>>>>>>>>>>>>>>>>>>>>;

    ESET found nothing and did not produce a log.

    Will be rebooting and off-line until later ... Traveling back to School.

    Thanks Again

    S
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  12. moonbeams116

    moonbeams116 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: suzie
    ->Temp folder emptied: 1906 bytes
    ->Temporary Internet Files folder emptied: 43107 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 23010544 bytes
    ->Flash cache emptied: 456 bytes

    User: Suzie-ADMIN
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 28958429 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3314 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 50.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: suzie
    ->Flash cache emptied: 0 bytes

    User: Suzie-ADMIN
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.27.0 log created on 09062011_173032

    Files\Folders moved on Reboot...
    File\Folder C:\Users\suzie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6376C49B-E07D-4F67-9FED-BA6F7D9FB60A}.tmp not found!
    File\Folder C:\Users\suzie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8CF47183-84A9-4E86-BF37-BDEF338757E3}.tmp not found!

    Registry entries deleted on Reboot...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Whenever ready....
     
  14. moonbeams116

    moonbeams116 TS Rookie Topic Starter

    Sorry, it's been hectic here the past two days, the computer seems to be doing fine, nothing strange is occurring.

    Thanks again for the help, I appreciate it!
    S.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...