IE pop-up ads when using Firefox

Solved
By BobDylan
Oct 18, 2010
  1. Hi there,

    I have searched the world wide web about this problem. It seems that it has also happened to others, but I haven't really found a solution that works!

    Basically, when I am using the internet (I always use Firefox), ads in Internet Explorer pop up. It's very annoying and I'm guessing it's a bug. I've noticed that my computer is acting a little strangely now too.

    I have Windows 7 and also have Norton 360 which I paid for when I got my laptop (an HP Pavilion Entertainment PC) (SD.MA/Pro.MMC.XD).

    Norton found a few things wrong with it. Since I have had these problems, I have also done scans with 'SuperAntiSpyware Free Edition', 'Spybot Search and Destroy', 'Spyware Terminator'. All of which found two or three things which they have now removed (I think).

    I have just this second done a McAfee Security Plus Scan and it says it found:

    "One dangerous website. These websites put your computer and personal identity at risk:

    (then a bullet point here:) licenseaquisition.org."

    I have no idea what that means or what that website is. I have clicked on 'Fix Now' but it's not responding.

    The add-on extensions I have are: 'Adblock Plus 1.2.2', 'Adobe DLM 1.6.2.91', 'Crawler toolbar 1.3', 'Java console 6.0.21', 'Java console 6.0.20', 'Norton IPS 1.0', 'Norton Toolbar 3.7.2', 'No Script 2.0.3.3', 'Vshare plugin 1.0.0', 'vuze remote toolbar 2.7.2.0'.

    The bad news is that I'm pretty clueless with computers, so most of the stuff I said above I barely understand!

    Another thing I have noticed is that on YouTube it says: "Hello, you seem to have JavaScript turned off. Please enable it to see search results properly." But when I go to 'Tools', 'Options', 'Content', 'Enable JavaScript' has its box ticked, which surely would mean it is turned on?! This has only happened since my computer has been acting weirdly.

    Any help really would be hugely appreciated. Please please please!
  2. BobDylan

    Hi, me again. I have read about this 'HijackThis' thing, so have done a scan and will post the results below.

    When I did a HijackThis scan it instantly said:
    "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If this happens you need to edit the file yourself. To do this...." etc etc

    Then it opened Notepad saying:
    "Cannot find the C:\ProgrameFiles (x86)\TrendMicro\HijackThis\hyjackthis.log.file
    Do you want to create a new file?"

    I clicked on Yes, which didn't seem to do anything.

    Below is the scan (I think)


    * Trend Micro HijackThis v2.0.4 *


    See bottom for version history.

    The different sections of hijacking possibilities have been separated into the following groups.
    You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

    R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
    F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
    N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
    O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components

    Command-line parameters:
    * /autolog - automatically scan the system, save a logfile and open it
    * /ihatewhitelists - ignore all internal whitelists
    * /uninstall - remove all HijackThis Registry entries, backups and quit
    * /silentautuolog - the same as /autolog, except with no required user intervention

    * Version history *

    [v2.0.4]
    * Fixed parser issues on winlogon notify
    * Fixed issues to handle certain environment variables
    * Rename HJT generates complete scan log
    [v2.00.0]
    * AnalyzeThis added for log file statistics
    * Recognizes Windows Vista and IE7
    * Fixed a few bugs in the O23 method
    * Fixed a bug in the O22 method (SharedTaskScheduler)
    * Did a few tweaks on the log format
    * Fixed and improved ADS Spy
    * Improved Itty Bitty Procman (processes are frozen before they are killed)
    * Added listing of O4 autoruns from other users
    * Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
    * Added /silentautolog parameter for system admins
    * Added /deleteonreboot [file] parameter for system admins
    * Added O24 - ActiveX Desktop Components enumeration
    * Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
    [v1.99.1]
    * Added Winlogon Notify keys to O20 listing
    * Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
    * Fixed lots and lots of 'unexpected error' bugs
    * Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
    * Added 'Delete NT Service' function in Misc Tools section
    * Added ProtocolDefaults to O15 listing
    * Fixed MD5 hashing not working
    * Fixed 'ISTSVC' autorun entries with garbage data not being fixed
    * Fixed HijackThis uninstall entry not being updated/created on new versions
    * Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
    * Added option to scan the system at startup, then show results or quit if nothing found
    [v1.99]
    * Added O23 (NT Services) in light of newer trojans
    * Integrated ADS Spy into Misc Tools section
    * Added 'Action taken' to info in 'More info on this item'
    [v1.98]
    * Definitive support for Japanese/Chinese/Korean systems
    * Added O20 (AppInit_DLLs) in light of newer trojans
    * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
    * Added O22 (SharedTaskScheduler) in light of newer trojans
    * Backups of fixed items are now saved in separate folder
    * HijackThis now checks if it was started from a temp folder
    * Added a small process manager (Misc Tools section)
    [v1.96]
    * Lots of bugfixes and small enhancements! Among others:
    * Fix for Japanese IE toolbars
    * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
    * Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
    * Added several files to the LSP whitelist
    * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
    * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
    [v1.95]
    * Added a new regval to check for from Whazit hijack (Start Page_bak).
    * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
    * New in logfile: Running processes at time of scan.
    * Checkmarks for running StartupList with /full and /complete in HijackThis UI.
    * New O19 method to check for Datanotary hijack of user stylesheet.
    * Google.com IP added to whitelist for Hosts file check.
    [v1.94]
    * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
    * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
    * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
    * Fixed a bug where DPF could not be deleted.
    * Fixed a stupid bug in enumeration of autostarting shortcuts.
    * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
    * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
    * Added support for backing up F0 and F1 items (d'oh!).
    [v1.93]
    * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
    * Fixed a bug in LSP routine for Win95.
    * Made taborder nicer.
    * Fixed a bug in backup/restore of IE plugins.
    * Added UltimateSearch hijack in O17 method (I think).
    * Fixed a bug with detecting/removing BHO's disabled by BHODemon.
    * Also fixed a bug in StartupList (now version 1.52.1).
    [v1.92]
    * Fixed two stupid bugs in backup restore function.
    * Added DiamondCS file to LSP files safelist.
    * Added a few more items to the protocol safelist.
    * Log is now opened immediately after saving.
    * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
    * Updated integrated StartupList to v1.52.
    * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
    * Rudimentary proxy support for the Check for Updates function.
    [v1.91]
    * Added rd.yahoo.com to the Nonstandard But Safe Domains list.
    * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
    * Added listing of programs/links in Startup folders (O4).
    * Fixed 'Check for Update' not detecting new versions.
    [v1.9]
    * Added check for Lop.com 'Domain' hijack (O17).
    * Bugfix in URLSearchHook (R3) fix.
    * Improved O1 (Hosts file) check.
    * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
    * Added AutoConfigURL and proxyserver checks (R1).
    * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
    * Added check for extra protocols (O18).
    [v1.81]
    * Added 'ignore non-standard but safe domains' option.
    * Improved Winsock LSP hijackers detection.
    * Integrated StartupList updated to v1.4.
    [v1.8]
    * Fixed a few bugs.
    * Adds detecting of free.aol.com in Trusted Zone.
    * Adds checking of URLSearchHooks key, which should have only one value.
    * Adds listing/deleting of Download Program Files.
    * Integrated StartupList into the new 'Misc Tools' section of the Config screen!
    [v1.71]
    * Improves detecting of O6.
    * Some internal changes/improvements.
    [v1.7]
    * Adds backup function! Yay!
    * Added check for default URL prefix
    * Added check for changing of IERESET.INF
    * Added check for changing of Netscape/Mozilla homepage and default search engine.
    [v1.61]
    * Fixes Runtime Error when Hosts file is empty.
    [v1.6]
    * Added enumerating of MSIE plugins
    * Added check for extra options in 'Advanced' tab of 'Internet Options'.
    [v1.5]
    * Adds 'Uninstall & Exit' and 'Check for update online' functions.
    * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
    [v1.4]
    * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
    * A few bugfixes/enhancements
    [v1.3]
    * Adds detecting of extra MSIE context menu items
    * Added detecting of extra 'Tools' menu items and extra buttons
    * Added 'Confirm deleting/ignoring items' checkbox
    [v1.2]
    * Adds 'Ignorelist' and 'Info' functions
    [v1.1]
    * Supports BHO's, some default URL changes
    [v1.0]
    * Original release

    A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
  3. BobDylan

    I am up to Step 3.

    I can't download 'Malwarebytes Anti-Malware' as when I click to download it, it directs me automatically to a blank white page which says "Files.Crunch.com will be here soon" "Windows and Mac0S Downloads and Drivers"
  4. BobDylan

    Okay, I have done step 5 'DDS'.

    I am not sure how to show you guys the Notepad files without just copying and pasting what is in them?
  5. BobDylan

    DDS (Ver_10-10-10.03) - NTFS_AMD64
    Run by owner at 17:07:33.93 on 18/10/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2812.1627 [GMT 1:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\owner\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ClickPotatoLiteSA] "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    uPolicies-system: WallpaperStyle = 2
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSABHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjsh4d9s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Web Search...
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
    FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xcomm.dll
    FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xshared.dll
    FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xsupport.dll
    FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xwsg.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0308000.029\SymEFA64.sys [2010-2-3 402992]
    R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\N360x64\0308000.029\BHDrvx64.sys [2010-2-3 334384]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0308000.029\cchpx64.sys [2010-2-3 583296]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101015.003\IDSviA64.sys [2010-10-13 476720]
    R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-3 63472]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-3 56816]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-10-16 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-2-3 117640]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-17 1153368]
    R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2010-7-7 50696]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 227896]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-26 132656]
    R3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-3 526320]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-16 215040]
    R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\N360x64\0308000.029\symndisv.sys [2010-2-3 56880]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-16 36408]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-24 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-30 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

    =============== Created Last 30 ================

    2010-10-18 14:58:12 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
    2010-10-18 14:58:09 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2010-10-18 14:39:24 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
    2010-10-18 14:39:22 286768 ----a-w- C:\Windows\System32\drivers\SynTP.sys
    2010-10-18 14:39:22 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
    2010-10-18 14:39:21 261928 ----a-w- C:\Windows\System32\SynCtrl.dll
    2010-10-18 14:39:21 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
    2010-10-18 14:39:21 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll
    2010-10-17 21:14:28 -------- d-----w- C:\Program Files (x86)\Crawler
    2010-10-17 21:14:24 -------- d-----w- C:\Users\owner\AppData\Roaming\Spyware Terminator
    2010-10-17 21:14:23 -------- d-----w- C:\PROGRA~3\Spyware Terminator
    2010-10-17 21:14:22 -------- d-----w- C:\Program Files (x86)\Spyware Terminator
    2010-10-17 20:38:58 388096 ----a-r- C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-17 20:38:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-10-17 19:57:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-10-17 19:57:02 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-10-13 19:12:26 -------- d-----w- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
    2010-10-13 19:12:26 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
    2010-10-13 19:12:20 -------- d-----w- C:\PROGRA~3\!SASCORE
    2010-10-13 19:12:18 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2010-10-13 17:18:10 -------- d-----w- C:\Users\owner\AppData\Roaming\Registry Mechanic
    2010-10-10 20:12:56 815104 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2010-10-10 20:12:56 77824 ----a-w- C:\Windows\SysWow64\xvid.ax
    2010-10-10 20:12:56 180224 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2010-10-10 20:12:56 -------- d-----w- C:\Program Files (x86)\Xvid
    2010-10-10 20:12:07 87344 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    2010-10-10 20:12:05 -------- d-----w- C:\PROGRA~3\ClickPotatoLiteSA
    2010-10-10 20:12:03 -------- d-----w- C:\Users\owner\AppData\Roaming\ClickPotatoLite
    2010-10-10 20:12:03 -------- d-----w- C:\Program Files (x86)\ClickPotatoLite
    2010-09-29 09:43:03 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-09-29 09:43:03 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2010-09-29 08:50:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-09-29 08:50:15 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-09-29 08:49:47 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-09-29 08:49:47 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-09-19 14:56:55 -------- d-----w- C:\PROGRA~3\LightScribe

    ==================== Find3M ====================

    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

    ============= FINISH: 17:08:17.09 ===============
  6. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 22/12/2009 16:10:07
    System Uptime: 18/10/2010 16:50:42 (1 hours ago)

    Motherboard: Quanta | | 3635
    Processor: AMD Athlon(tm) II Dual-Core M320 | Socket S1G3 | 2100/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 219 GiB total, 129.989 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 2.224 GiB free.
    E: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP115: 19/09/2010 19:27:18 - Windows Backup
    RP116: 26/09/2010 19:00:04 - Windows Backup
    RP117: 29/09/2010 10:42:45 - Windows Update
    RP118: 03/10/2010 19:00:04 - Windows Backup
    RP119: 08/10/2010 13:02:31 - Windows Update
    RP120: 10/10/2010 21:06:37 - Windows Backup
    RP121: 13/10/2010 09:45:24 - Windows Update
    RP122: 13/10/2010 20:05:18 - Installed Rapport
    RP123: 17/10/2010 20:42:49 - Windows Backup
    RP124: 17/10/2010 21:38:29 - Installed HiJackThis
    RP125: 18/10/2010 11:20:25 - Spyware Terminator - restore point
    RP126: 18/10/2010 15:23:07 - HPSF Applying updates

    ==== Installed Programs ======================

    Acrobat.com
    Activate Norton Online Backup
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4 MUI
    AMD USB Filter Driver
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    ClickPotato
    Compatibility Pack for the 2007 Office system
    Crawler Toolbar with Web Security Guard
    CyberLink DVD Suite
    Efficient WMA MP3 Converter v0.99.7
    Football Manager 2010
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Internet TV
    HP MediaSmart Live TV
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP MediaSmart Software Notebook Demo
    HP MediaSmart Webcam
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0154
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 21
    LabelPrint
    LightScribe System Software
    Magic Desktop
    McAfee Security Scan Plus
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox (3.6.10)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360
    PCFriendly
    Power2Go
    PowerDirector
    PowerRecover
    QLBCASL
    QuickTime
    Rapport
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Spotify
    Spybot - Search & Destroy
    Spyware Terminator
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vuze
    Vuze_Remote Toolbar
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xvid 1.2.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    13/10/2010 21:16:52, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    12/10/2010 22:01:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
    12/10/2010 22:01:43, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/10/2010 22:01:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

    ==== End Of File ===========================
  7. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Okay, here are the results from Step 3:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4874

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    18/10/2010 17:31:09
    mbam-log-2010-10-18 (17-31-09).txt

    Scan type: Quick scan
    Objects scanned: 141332
    Time elapsed: 5 minute(s), 33 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 23
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 9
    Files Infected: 17

    Memory Processes Infected:
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Unloaded process successfully.

    Memory Modules Infected:
    c:\program files (x86)\clickpotatolite\bin\10.0.530.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\clickpotatolite@clickpotatolite.com (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Users\owner\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
    C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Delete on reboot.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0 (Adware.ClickPotato) -> Delete on reboot.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.530.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSAAX.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSABHO.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
  8. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    I haven't done 'Step 4: GMER' as I have Windows 7... although I don't know if my computer is 64-bit!?
  9. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114


    I have realised that I can't watch YouTube videos when 'No Script 2.0.3.3' is enabled. When it is disabled I can watch. Is this normal?

    PS:

    I hope people don't mind that this thread is one whole conversation with myself! I'm hoping someone will come to save me at some point! ha
  10. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    Welcome aboard

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.

    ====================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
  11. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Okay I just did everything you said concerning the SuperAntiSpyware. When it finished the scan it said my computer had no harmful viruses... so then I couldn't do what you said.

    Will do the next stage (MBR) now. I'm presuming I have to go back out of safe mode?!


    PS: Thanks so much for your help, it's much appreciated.
     
  12. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 253):
    0x04846000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x0423B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x049ED000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x049FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x05000000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x05011000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x0502F000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x057F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04C91000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x04CDD000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04CEC000 \SystemRoot\system32\DRIVERS\enecir.sys
    0x04D09000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x04D0E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04D17000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0x04D23000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04D33000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04D49000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04D6D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04D79000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04DA8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04DC3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04DE4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04DFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04C00000 \SystemRoot\system32\DRIVERS\ks.sys
    0x04C43000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x04C55000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0581B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x05875000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0588A000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x058AA000 \SystemRoot\system32\drivers\portcls.sys
    0x058E7000 \SystemRoot\system32\drivers\drmk.sys
    0x05909000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0590F000 \SystemRoot\system32\DRIVERS\stwrt64.sys
    0x0598A000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x0599B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x059B4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x059BD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x059CB000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x000A0000 \SystemRoot\System32\win32k.sys
    0x059D8000 \SystemRoot\System32\drivers\Dxapi.sys
    0x059E4000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x059F2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x05800000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x04C67000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x04291000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x02C24000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x02C52000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00480000 \SystemRoot\System32\TSDDD.dll
    0x00680000 \SystemRoot\System32\cdd.dll
    0x00940000 \SystemRoot\System32\ATMFD.DLL
    0x02C60000 \SystemRoot\system32\drivers\luafv.sys
    0x02C83000 \SystemRoot\system32\DRIVERS\stflt.sys
    0x02CAF000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02CD0000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02CE5000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02D38000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x02D4B000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x040DA000 \SystemRoot\system32\drivers\HTTP.sys
    0x041A2000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x041C0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x04000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0402D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0407B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06837000 \SystemRoot\system32\drivers\peauth.sys
    0x068DD000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x068E8000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x06915000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x06927000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x02D63000 \SystemRoot\System32\DRIVERS\srv.sys
    0x094FB000 \SystemRoot\System32\Drivers\N360x64\0308000.029\SRTSP64.SYS
    0x09641000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101019.004\EX64.SYS
    0x09600000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101019.004\ENG64.SYS
    0x09579000 \SystemRoot\system32\drivers\spsys.sys
    0x77810000 \Windows\System32\ntdll.dll
    0x47AD0000 \Windows\System32\smss.exe
    0xFFB30000 \Windows\System32\apisetschema.dll
    0xFFFD0000 \Windows\System32\autochk.exe
    0xFFA50000 \Windows\System32\usp10.dll
    0xFFA40000 \Windows\System32\lpk.dll
    0xFF7E0000 \Windows\System32\iertutil.dll
    0xFF600000 \Windows\System32\setupapi.dll
    0x776F0000 \Windows\System32\kernel32.dll
    0xFF590000 \Windows\System32\gdi32.dll
    0xFF580000 \Windows\System32\nsi.dll
    0xFF450000 \Windows\System32\wininet.dll
    0xFF320000 \Windows\System32\rpcrt4.dll
    0xFF240000 \Windows\System32\oleaut32.dll
    0x775F0000 \Windows\System32\user32.dll
    0xFF1C0000 \Windows\System32\shlwapi.dll
    0xFF0E0000 \Windows\System32\advapi32.dll
    0xFF090000 \Windows\System32\Wldap32.dll
    0xFF070000 \Windows\System32\sechost.dll
    0xFE2E0000 \Windows\System32\shell32.dll
    0xFE240000 \Windows\System32\comdlg32.dll
    0xFE0C0000 \Windows\System32\urlmon.dll
    0xFDFB0000 \Windows\System32\msctf.dll
    0xFDF80000 \Windows\System32\imm32.dll
    0x779E0000 \Windows\System32\psapi.dll
    0xFDF60000 \Windows\System32\imagehlp.dll
    0xFDEE0000 \Windows\System32\difxapi.dll
    0x779D0000 \Windows\System32\normaliz.dll
    0xFDE40000 \Windows\System32\clbcatq.dll
    0xFDC30000 \Windows\System32\ole32.dll
    0xFDBE0000 \Windows\System32\ws2_32.dll
    0xFDB40000 \Windows\System32\msvcrt.dll
    0xFD9D0000 \Windows\System32\crypt32.dll
    0xFD990000 \Windows\System32\cfgmgr32.dll
    0xFD950000 \Windows\System32\wintrust.dll
    0xFD8B0000 \Windows\System32\comctl32.dll
    0xFD890000 \Windows\System32\devobj.dll
    0xFD820000 \Windows\System32\KernelBase.dll
    0xFD810000 \Windows\System32\msasn1.dll
    0x76D50000 \Windows\SysWOW64\normaliz.dll

    Processes (total 87):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`db600000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEKT-60F3T1, Rev: 12.01A12

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: B413909AEAB23B59509582F416A5863C3D438127


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
  13. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
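As background to the re-check step above, this added example (not part of the thread, and not code from MBRCheck or NTBR) parses a 512-byte MBR sector and reports which regions differ between a "before" and an "after" copy: a code-only repair should change the boot code and leave the partition table untouched. Both sample sectors are constructed; only the two partition offsets are taken from the log above, and hashing the 440-byte code area is an assumption, since the page does not say which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR = 512
# Classic MBR layout: byte ranges inside sector 0 of the disk.
REGIONS = {
    "boot_code": slice(0, 440),
    "disk_signature": slice(440, 444),
    "partition_table": slice(446, 510),
    "boot_signature": slice(510, 512),
}
# One partition entry: status, CHS start, type, CHS end, LBA start, sector count.
ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into a code hash, disk signature and partition list."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[REGIONS["boot_signature"]] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    table = sector[REGIONS["partition_table"]]
    partitions = []
    for slot in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(table, slot * 16)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "slot": slot,
            "active": status == 0x80,
            "type": ptype,
            "byte_offset": lba * SECTOR,
            "sectors": count,
        })
    return {
        # Assumption: hash only the bootstrap code area (bytes 0..439).
        "code_sha1": hashlib.sha1(sector[REGIONS["boot_code"]]).hexdigest().upper(),
        "disk_signature": sector[REGIONS["disk_signature"]].hex(),
        "partitions": partitions,
    }


def diff_regions(before: bytes, after: bytes) -> dict:
    """Return {region_name: changed?} for two copies of the same MBR sector."""
    if len(before) != SECTOR or len(after) != SECTOR:
        raise ValueError("both inputs must be 512-byte sectors")
    return {name: before[rng] != after[rng] for name, rng in REGIONS.items()}


def is_code_only_repair(before: bytes, after: bytes) -> bool:
    """True when only the boot code changed and the result is still a valid MBR."""
    parse_mbr(after)  # raises if the repaired sector is malformed
    changed = diff_regions(before, after)
    others = [flag for name, flag in changed.items() if name != "boot_code"]
    return changed["boot_code"] and not any(others)


def build_sample_sector(code: bytes) -> bytes:
    """Constructed test sector; 'code' is filler, not real boot code."""
    if len(code) > 440:
        raise ValueError("boot code area is 440 bytes")
    c_lba = 0x0C800000 // SECTOR      # C: offset from the log above
    d_lba = 0x36DB600000 // SECTOR    # D: offset from the log above
    chs = b"\xfe\xff\xff"             # placeholder CHS values
    table = (ENTRY.pack(0x80, chs, 0x07, chs, c_lba, d_lba - c_lba)
             + ENTRY.pack(0x00, chs, 0x07, chs, d_lba, 2048 * 1024))  # D: size constructed
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    sector[REGIONS["disk_signature"]] = bytes.fromhex("a1b2c3d4")  # constructed
    sector[446:446 + len(table)] = table
    sector[REGIONS["boot_signature"]] = b"\x55\xaa"
    return bytes(sector)


# Constructed "before" and "after" sectors that differ only in the code area.
BEFORE = build_sample_sector(b"\xeb\x3c" + b"\x90" * 100)
AFTER = build_sample_sector(b"\x33\xc0" + b"\x00" * 100)

if __name__ == "__main__":
    for label, sector in (("before", BEFORE), ("after", AFTER)):
        info = parse_mbr(sector)
        print(label, info["code_sha1"], [hex(p["byte_offset"]) for p in info["partitions"]])
    print("changed regions:", diff_regions(BEFORE, AFTER))
    print("code-only repair:", is_code_only_repair(BEFORE, AFTER))
```
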
  14. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Ok, I hope I have done this right. Wasn't entirely sure about the whole BIOS stuff, but think I did it!


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 253):

    Processes (total 86):
    3936 C:\Windows\System32\SearchFilterHost.exe
    4252 C:\Windows\System32\svchost.exe
    1580 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    4968 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    5796 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    5908 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    5312 C:\Users\owner\Downloads\MBRCheck.exe
    5556 C:\Windows\System32\conhost.exe
    5512 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`db600000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEKT-60F3T1, Rev: 12.01A12

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
  15. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    Good job :)
    MBR is clean...

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

    • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
  16. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Okay. I am currently doing the above process. I have done the smaller scan, am now doing the complete scan.

    Is it OK that I am doing this in 'Enhanced Protection Mode'? It kind of asked me and I agreed.

    Is this scan meant to take such a long time? I am 30 minutes in and the green bar is only a few millimetres in. The speed is 1550 KB/s.... I'm guessing that's slow?

    I presume I need the internet for this scan? I have it on now, but would like to restart it as it's so slow!
  17. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    It's been scanning for over two hours now, and the green bar is a centimetre long at most.

    If it carries on like this, it will take approx 20 hours!

    Should I just stop it and try and sort my internet out?
  18. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Okay, it's 22 KB/s now!
     
  19. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    That scan may take a while....
  20. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Hi there,

    I have made 5 separate attempts to do the complete scan. But it ends up freezing so I can't move the cursor and have to turn the computer off.

    Last time it had been scanning for over 4 hours and hadn't even got half way. I am wondering if it is freezing because the laptop is overheating or something?

    My computer really doesn't have a great deal on it, so it's a shame that the complete scan is taking so long.

    What do you think I should do? Keep trying?

    Thanks
  21. Broni

    Broni Malware Annihilator Posts: 46,131   +251

    Let's leave it for now.

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  22. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    OTL logfile created on: 10/23/2010 5:02:43 PM - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\owner\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 219.23 Gb Total Space | 128.68 Gb Free Space | 58.70% Space Free | Partition Type: NTFS
    Drive D: | 13.36 Gb Total Space | 2.22 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
    Drive E: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/23 16:57:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
    PRC - [2010/10/17 22:14:25 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
    PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/12/27 14:47:30 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/12/22 17:49:33 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    PRC - [2009/07/24 04:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/07/23 19:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/23 16:57:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
    MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
    MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\ezsvc7.dll -- (ezSharedSvc)
    SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2009/07/22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2009/07/02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/03/02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2010/10/17 22:14:25 | 001,033,255 | ---- | M] (Xacti LLC) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
    SRV - [2010/10/03 23:43:48 | 000,526,320 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)
    SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/12/22 17:49:33 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/10/18 15:39:17 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/07/07 11:26:46 | 000,050,696 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
    DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/12/22 17:49:46 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2009/12/22 17:49:35 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2009/12/22 17:49:35 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2009/12/22 17:49:35 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys -- (SYMTDI)
    DRV:64bit: - [2009/12/22 17:49:35 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys -- (SYMFW)
    DRV:64bit: - [2009/12/22 17:49:35 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys -- (SYMNDISV)
    DRV:64bit: - [2009/12/22 17:49:35 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2009/12/22 17:49:35 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
    DRV:64bit: - [2009/12/22 17:49:34 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2009/12/22 17:49:34 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
    DRV:64bit: - [2009/12/22 17:49:34 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/07/22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/07/08 21:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2009/07/08 21:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2009/07/02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/06/29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
    DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/05/23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/03/09 14:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2010/10/19 21:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101021.003\IDSviA64.sys -- (IDSVia64)
    DRV - [2010/10/03 23:43:50 | 000,056,816 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64)
    DRV - [2010/10/03 23:43:48 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)
    DRV - [2010/09/28 09:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101022.048\EX64.SYS -- (NAVEX15)
    DRV - [2010/09/28 09:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101022.048\ENG64.SYS -- (NAVENG)
    DRV - [2010/05/26 09:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/05/26 09:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Web Search..."
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/27 10:38:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2010/10/17 22:14:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/21 19:38:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/21 19:38:23 | 000,000,000 | ---D | M]

    [2009/12/27 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
    [2010/10/23 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions
    [2010/10/17 20:36:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/08/19 18:00:12 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/10/17 20:37:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/08/28 15:18:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\vshare@toolbar
    [2010/04/02 13:40:27 | 000,000,911 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\tjsh4d9s.default\searchplugins\conduit.xml
    [2010/08/28 15:18:33 | 000,001,583 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\tjsh4d9s.default\searchplugins\web-search.xml
    [2010/10/22 12:44:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/16 23:31:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/12 09:40:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/06/12 01:10:42 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/06/12 01:10:42 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
    [2010/06/12 01:10:42 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/06/12 01:10:42 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
    O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.203.110
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/30 09:30:42 | 000,000,154 | R--- | M] () - E:\autorun.cfg -- [ UDF ]
    O32 - AutoRun File - [2008/11/27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2006/09/11 14:26:42 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{99b5adbb-ba2e-11de-9da7-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{99b5adbb-ba2e-11de-9da7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008/11/27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/21 15:16:58 | 000,000,000 | ---D | C] -- C:\Users\owner\DoctorWeb
    [2010/10/19 20:06:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
    [2010/10/19 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/10/19 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/18 17:22:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
    [2010/10/18 17:22:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/10/18 17:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/18 17:22:00 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/18 17:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/18 15:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2010/10/18 15:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2010/10/18 15:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
    [2010/10/18 15:39:22 | 000,286,768 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
    [2010/10/18 15:39:22 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
    [2010/10/18 15:39:21 | 000,261,928 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
    [2010/10/18 15:39:21 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
    [2010/10/18 15:39:21 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
    [2010/10/17 22:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
    [2010/10/17 22:14:24 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Spyware Terminator
    [2010/10/17 22:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
    [2010/10/17 22:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
    [2010/10/17 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/10/17 20:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/10/17 20:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/10/13 20:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/10/13 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Registry Mechanic
    [2010/10/10 21:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid

    ========== Files - Modified Within 30 Days ==========

    [2010/10/23 17:02:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/23 16:40:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/23 16:40:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/23 16:33:26 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/23 16:33:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/23 16:33:12 | 2211,598,336 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/19 20:06:05 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/18 17:22:04 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/18 16:10:21 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2010/10/18 16:10:21 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/10/18 15:40:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/10/18 15:39:17 | 000,286,768 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
    [2010/10/18 15:39:17 | 000,261,928 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
    [2010/10/18 15:39:17 | 000,206,120 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
    [2010/10/18 15:39:17 | 000,169,256 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
    [2010/10/18 15:39:17 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
    [2010/10/17 22:42:01 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
    [2010/10/17 21:38:58 | 000,002,975 | ---- | M] () -- C:\Users\owner\Desktop\HiJackThis.lnk
    [2010/10/17 20:57:08 | 000,001,258 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/13 20:04:31 | 000,355,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/13 19:04:12 | 002,768,896 | ---- | M] () -- C:\Users\owner\s-1-5-21-417765125-1604902435-2956440555-1000.rrr
    [2010/10/11 13:38:27 | 000,001,848 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2010/10/11 13:38:26 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/19 20:06:05 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/18 17:22:04 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/18 15:58:09 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2010/10/18 15:58:09 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/10/18 15:40:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010/10/17 22:42:01 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
    [2010/10/17 21:38:58 | 000,002,975 | ---- | C] () -- C:\Users\owner\Desktop\HiJackThis.lnk
    [2010/10/17 20:57:08 | 000,001,258 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/13 19:04:12 | 002,768,896 | ---- | C] () -- C:\Users\owner\s-1-5-21-417765125-1604902435-2956440555-1000.rrr
    [2010/10/10 21:12:56 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/10/10 21:12:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/10/10 21:12:56 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
    [2010/01/02 01:32:59 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
    [2009/12/22 17:21:17 | 000,000,178 | ---- | C] () -- C:\ProgramData\HPWALog.txt
    [2009/12/22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
    [2009/12/22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
    [2009/12/22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
    [2009/10/25 23:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/10/16 09:50:52 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2009/10/16 09:50:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/10/16 09:50:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/10/16 09:49:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/10/16 09:49:15 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/08/15 08:53:41 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/08/15 08:50:03 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/08/15 08:48:33 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/08/15 08:47:51 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\Iticheck.dll

    ========== LOP Check ==========

    [2010/10/11 20:12:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Azureus
    [2010/07/07 11:21:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GrabPro
    [2010/07/07 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Orbit
    [2010/10/13 18:20:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Registry Mechanic
    [2009/12/27 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Sports Interactive
    [2010/10/20 21:44:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Spotify
    [2010/10/18 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Spyware Terminator
    [2010/02/09 14:43:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Trusteer
    [2010/02/06 21:56:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WildTangent
    [2009/12/27 14:53:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\_MDLogs
    [2010/08/20 11:25:08 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/10/23 16:33:12 | 2211,598,336 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/30 15:34:57 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
    [2010/10/23 16:33:15 | 2948,800,512 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/15 10:25:31 | 000,000,184 | ---- | M] () -- C:\setup.log
    [2010/10/18 15:40:26 | 000,000,084 | ---- | M] () -- C:\SYNTPAD.LOG

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/22 17:26:11 | 000,000,221 | -HS- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/07/07 11:39:28 | 008,288,706 | ---- | M] () -- C:\Users\owner\Desktop\ipdl.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 21:50:15 | 000,000,402 | -HS- | M] () -- C:\Users\owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >
  23. BobDylan

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/10/23 16:34:40 | 000,000,178 | ---- | M] () -- C:\ProgramData\HPWALog.txt
    [2009/10/16 09:50:43 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/08/15 08:53:57 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/10/16 09:49:57 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/08/15 08:49:52 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/10/16 09:49:15 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/10/16 09:50:27 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/08/15 08:48:23 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/08/15 08:53:31 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/10/16 09:50:53 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >
  24. BobDylan

    OTL Extras logfile created on: 10/23/2010 5:02:43 PM - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\owner\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 219.23 Gb Total Space | 128.68 Gb Free Space | 58.70% Space Free | Partition Type: NTFS
    Drive D: | 13.36 Gb Total Space | 2.22 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
    Drive E: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
    "{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
    "{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
    "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
    "{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
    "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
    "{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
    "{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
    "{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
    "{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
    "{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
    "{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
    "{7EACD74C-147F-478C-9389-F9F52EE3C88A}" = LightScribe System Software
    "{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
    "{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
    "{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
    "{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
    "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
    "{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
    "{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
    "{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
    "{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
    "{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
    "{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
    "{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
    "{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
    "EasyBits Magic Desktop" = Magic Desktop
    "Efficient WMA MP3 Converter_is1" = Efficient WMA MP3 Converter v0.99.7
    "Football Manager 2010" = Football Manager 2010
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
    "N360" = Norton 360
    "PCFriendly" = PCFriendly
    "Rapport_msi" = Rapport
    "Spotify" = Spotify
    "Spyware Terminator_is1" = Spyware Terminator
    "Vuze_Remote Toolbar" = Vuze_Remote Toolbar
    "WildTangent hp Master Uninstall" = HP Games
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  25. BobDylan

    BobDylan TechSpot Enthusiast Topic Starter Posts: 114

    Really sorry, but 4 notepad files came up!

    I started a scan before I copied and pasted the stuff you told me to do. So maybe that's why?!

    Sorry, hope I've done it right!

    As for the computer, it seems to be working OK. I haven't really been on it that much because whenever it's been on I've been doing those really long scans! But not once have I noticed an IE ad pop up. So who knows, maybe it's fixed?!