TechSpot

My hijackthis log - vista antivirus 2010

By antweezy
Mar 6, 2010
  1. Thanks for any and all help!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:08:28 AM, on 3/6/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Internet Explorer\ieuser.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    C:\Users\MRROBO~1\AppData\Local\Temp\Low\av.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9398 bytes
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  3. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    MalWare Bytes Log
    Malwarebytes' Anti-Malware 1.44
    Database version: 3828
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    3/6/2010 10:19:46 AM
    mbam-log-2010-03-06 (10-19-43).txt

    Scan type: Quick Scan
    Objects scanned: 97026
    Time elapsed: 2 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    SuperAntiSpyware Log
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/06/2010 at 11:00 AM

    Application Version : 4.34.1000

    Core Rules Database Version : 4596
    Trace Rules Database Version: 1978

    Scan type : Quick Scan
    Total Scan Time : 00:32:43

    Memory items scanned : 490
    Memory threats detected : 0
    Registry items scanned : 209
    Registry threats detected : 0
    File items scanned : 33503
    File threats detected : 0
     
  4. antweezy

    HiJackthis Log
     
  5. Broni

    What are your actual issues?
     
  6. antweezy

    Caught Vista Antivirus 2010...can't seem to shake it...closed it off the task manager so it isn't currently running I don't think...and computer is running sluggish since it hit me.
     
  7. Broni

    Malwarebytes should have taken care of it, but let's check some more....

    Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.
     
  8. antweezy

    It says that there aren't any system modifications...but I've heard that if I restart my comp Vista Antivirus 2010 comes back...is that true?
     
  9. Broni

    No. Your computer should be pretty much clean.
    GMER result is good.

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. antweezy

    OTL logfile created on: 3/6/2010 5:01:39 PM - Run 1
    OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Mr Roboto\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 37.00% Memory free
    12.00 Gb Paging File | 8.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.97 Gb Total Space | 517.22 Gb Free Space | 88.72% Space Free | Partition Type: NTFS
    Drive D: | 13.20 Gb Total Space | 1.80 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MRROBOTO
    Current User Name: Mr Roboto
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/06 17:00:55 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Roboto\Desktop\OTL.exe
    PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/01/26 16:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
    PRC - [2010/01/20 13:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009/09/10 07:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    PRC - [2008/10/17 16:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2008/10/17 16:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2008/09/26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2008/09/08 15:12:40 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    PRC - [2008/08/28 20:09:08 | 000,133,648 | ---- | M] (Microsoft Corp.) -- c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
    PRC - [2008/08/25 03:57:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    PRC - [2008/01/20 18:50:38 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
    PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/06 17:00:55 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Roboto\Desktop\OTL.exe
    MOD - [2008/01/20 18:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/12/09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/01/20 13:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
    SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2008/07/27 10:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/03 22:43:53 | 000,000,000 | ---D | M]
     
  11. antweezy

    O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
    O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe ()
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 000,000,000 | ---D | M]
    NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
    NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
    NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 000,000,000 | ---D | M]
    NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
    OTL cannot create restorepoints on Vista OSs!
     
  12. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Templates
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Start Menu
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\SendTo
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Recent
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\PrintHood
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\NetHood
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Documents\My Videos
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Documents\My Pictures
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Documents\My Music
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\My Documents
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Local Settings
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\AppData\Local\History
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Cookies
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Application Data
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\AppData\Local\Application Data
    [2010/02/25 22:14:04 | 000,000,000 | -H-D | C] -- C:\Users\Mr Roboto\AppData
    [2010/02/25 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Temp
    [2010/02/25 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Microsoft
    [2010/02/25 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Media Center Programs
    [2010/02/25 22:11:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
    [2010/02/25 22:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
    [2010/02/25 22:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
    [2010/02/25 22:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
    [2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
    [2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
    [2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
    [2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
    [2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
    [2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
    [2010/02/25 22:10:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010/02/25 22:01:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 14 Days ==========

    [2010/03/06 17:03:45 | 001,048,576 | -HS- | M] () -- C:\Users\Mr Roboto\NTUSER.DAT
    [2010/03/06 17:00:55 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Roboto\Desktop\OTL.exe
    [2010/03/06 16:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/03/06 16:46:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/03/06 16:46:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/03/06 10:08:44 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/03/06 10:08:38 | 002,202,366 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\Cat.DB
    [2010/03/06 01:40:20 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    [2010/03/06 00:54:40 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010/03/06 00:52:34 | 000,000,335 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\FixExe.reg
    [2010/03/06 00:14:31 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/06 00:08:20 | 000,001,930 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\HijackThis.lnk
    [2010/03/03 22:48:10 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/03/03 22:48:10 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/03/03 22:48:10 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/03/03 22:43:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/03/03 22:42:21 | 000,524,288 | -HS- | M] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/03/03 22:42:21 | 000,065,536 | -HS- | M] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/03/03 22:42:10 | 001,158,495 | -H-- | M] () -- C:\Users\Mr Roboto\AppData\Local\IconCache.db
    [2010/03/02 22:51:05 | 000,193,241 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\Orlando_Bloom.jpg
    [2010/03/02 13:48:18 | 000,148,844 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\IMG_0443.JPG
    [2010/03/02 13:47:56 | 000,119,411 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\IMG_0442.JPG
    [2010/03/02 13:43:01 | 000,101,176 | ---- | M] () -- C:\Users\Mr Roboto\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/03/02 13:42:30 | 000,364,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/02/27 08:56:57 | 000,000,680 | ---- | M] () -- C:\Users\Mr Roboto\AppData\Local\d3d9caps.dat
    [2010/02/27 00:48:42 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2010/02/26 16:01:17 | 000,172,592 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2010/02/26 16:01:17 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2010/02/26 16:01:17 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2010/02/26 16:00:57 | 000,583,296 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys
    [2010/02/26 16:00:57 | 000,334,384 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys
    [2010/02/26 16:00:55 | 000,009,412 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symnetv.cat
    [2010/02/26 16:00:55 | 000,007,362 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.CAT
    [2010/02/26 16:00:55 | 000,001,481 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymNetV.inf
    [2010/02/26 16:00:55 | 000,000,640 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.inf
    [2010/02/26 16:00:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\isolate.ini
    [2010/02/26 07:48:31 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/02/26 07:46:48 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/02/26 07:40:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/02/26 01:23:30 | 000,524,288 | -HS- | M] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
    [2010/02/26 01:18:48 | 000,001,726 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\CCleaner.lnk
    [2010/02/25 22:15:06 | 000,001,834 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NP200AA-ABA a6720y_YC_0Pavi_QMXU913_E91NAv6PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.09_T090304_WUH1_L409_M5887_J640_7AMD_8Phenom 9550 Quad-Core_92.2_#090414_N10DE0760_Z_G10DE0847.MRK
    [2010/02/25 22:15:06 | 000,001,834 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NP200AA-ABA a6720y_YC_0Pavi_QMXU913_E91NAv6PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.09_T090304_WUH1_L409_M5887_J640_7AMD_8Phenom 9550 Quad-Core_92.2_#090414_N10DE0760_Z_G10DE0847.MRK
    [2010/02/25 22:14:51 | 000,001,368 | ---- | M] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 25 Prints.lnk
    [2010/02/25 22:14:04 | 000,000,020 | -HS- | M] () -- C:\Users\Mr Roboto\ntuser.ini
    [2010/02/25 22:09:43 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf

    ========== Files Created - No Company Name ==========
     
  13. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/06 17:00:45 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\Mr Roboto\Desktop\OTL.exe
    [2010/03/06 10:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/03/06 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\SUPERAntiSpyware.com
    [2010/03/06 10:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
    [2010/03/06 10:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2010/03/06 03:02:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/03/06 01:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
    [2010/03/06 01:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/03/06 01:03:02 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Threat Expert
    [2010/03/06 00:56:25 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010/03/06 00:56:24 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010/03/06 00:56:24 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010/03/06 00:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
    [2010/03/06 00:54:24 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\PC Tools
    [2010/03/06 00:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/03/06 00:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2010/03/06 00:14:32 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Malwarebytes
    [2010/03/06 00:14:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/03/06 00:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/03/06 00:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/03/06 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/03/02 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Picture It! 9
    [2010/02/27 09:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2010/02/27 09:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2010/02/26 15:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2010/02/26 07:48:34 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Apple Computer
    [2010/02/26 07:48:34 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Apple Computer
    [2010/02/26 07:48:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2010/02/26 07:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/02/26 07:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/02/26 07:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/02/26 07:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
    [2010/02/26 07:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/02/26 07:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/02/26 07:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/02/26 07:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010/02/26 07:46:28 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Apple
    [2010/02/26 07:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2010/02/26 07:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/02/26 07:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2010/02/26 07:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2010/02/26 01:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
    [2010/02/25 22:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/02/25 22:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/02/25 22:39:45 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Macromedia
    [2010/02/25 22:39:43 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Adobe
    [2010/02/25 22:39:02 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Hewlett-Packard
    [2010/02/25 22:38:49 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\PictureMover
    [2010/02/25 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Hewlett-Packard
    [2010/02/25 22:38:33 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Searches
    [2010/02/25 22:38:26 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Identities
    [2010/02/25 22:38:23 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Contacts
    [2010/02/25 22:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2010/02/25 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\HP TCS
    [2010/02/25 22:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2010/02/25 22:14:07 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\VirtualStore
    [2010/02/25 22:14:04 | 000,000,000 | --SD | C] -- C:\Users\Mr Roboto\AppData\Roaming\Microsoft
    [2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Videos
    [2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Saved Games
    [2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Pictures
    [2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Music
    [2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Links
    [2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Favorites
    [2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Downloads
    [2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Documents
    [2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Desktop
    [2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\AppData\Local\Temporary Internet Files

    [2010/03/06 10:08:44 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/03/06 01:43:29 | 000,212,864 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
    [2010/03/06 01:40:20 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    [2010/03/06 00:56:25 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/03/06 00:56:25 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010/03/06 00:56:25 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010/03/06 00:56:25 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010/03/06 00:56:24 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010/03/06 00:54:47 | 000,306,648 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.sys
    [2010/03/06 00:54:47 | 000,133,072 | ---- | C] () -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
    [2010/03/06 00:54:47 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
    [2010/03/06 00:54:42 | 000,218,056 | ---- | C] () -- C:\Windows\SysNative\drivers\PCTCore64.sys
    [2010/03/06 00:54:42 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
    [2010/03/06 00:54:40 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010/03/06 00:54:36 | 000,092,896 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.sys
    [2010/03/06 00:54:36 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
    [2010/03/06 00:54:26 | 000,418,048 | ---- | C] () -- C:\Users\Mr Roboto\AppData\Local\dd_vcredistMSI34A4.txt
    [2010/03/06 00:54:26 | 000,014,762 | ---- | C] () -- C:\Users\Mr Roboto\AppData\Local\dd_vcredistUI34A7.txt
    [2010/03/06 00:54:25 | 000,015,542 | ---- | C] () -- C:\Users\Mr Roboto\AppData\Local\dd_vcredistUI34A4.txt
    [2010/03/06 00:52:34 | 000,000,335 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\FixExe.reg
    [2010/03/06 00:14:31 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/06 00:14:22 | 000,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/03/06 00:08:20 | 000,001,930 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\HijackThis.lnk
    [2010/03/02 22:51:04 | 000,193,241 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\Orlando_Bloom.jpg
    [2010/03/02 13:34:44 | 000,148,844 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\IMG_0443.JPG
    [2010/03/02 13:34:42 | 000,119,411 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\IMG_0442.JPG
    [2010/02/27 10:28:25 | 004,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/02/27 09:24:57 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
    [2010/02/27 09:24:52 | 000,052,760 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
     
  14. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    [2010/02/27 09:24:52 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
    [2010/02/27 09:24:51 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
    [2010/02/27 09:24:50 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
    [2010/02/27 09:24:49 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
    [2010/02/27 09:24:42 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
    [2010/02/27 09:24:39 | 000,357,904 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
    [2010/02/27 09:16:29 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
    [2010/02/27 09:16:03 | 000,112,120 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
    [2010/02/27 09:15:51 | 000,406,528 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
    [2010/02/27 09:15:44 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
    [2010/02/27 09:15:39 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
    [2010/02/27 09:02:09 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
    [2010/02/27 09:01:49 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
    [2010/02/27 09:01:48 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
    [2010/02/27 08:56:57 | 000,000,680 | ---- | C] () -- C:\Users\Mr Roboto\AppData\Local\d3d9caps.dat
    [2010/02/26 08:08:32 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
    [2010/02/26 08:08:32 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
    [2010/02/26 08:08:32 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
    [2010/02/26 08:08:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
    [2010/02/26 08:08:31 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
    [2010/02/26 08:08:31 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
    [2010/02/26 08:08:31 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
    [2010/02/26 08:08:30 | 000,648,704 | ---- | C] () -- C:\Windows\SysNative\netapi32.dll
    [2010/02/26 08:08:16 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
    [2010/02/26 08:08:11 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
    [2010/02/26 08:08:07 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
    [2010/02/26 08:07:42 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll
    [2010/02/26 08:07:41 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
    [2010/02/26 08:07:40 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
    [2010/02/26 08:07:40 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
    [2010/02/26 08:07:40 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
    [2010/02/26 08:07:40 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
    [2010/02/26 08:07:40 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
    [2010/02/26 08:07:39 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
    [2010/02/26 08:07:39 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
    [2010/02/26 08:07:39 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
    [2010/02/26 08:07:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
    [2010/02/26 08:07:33 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
    [2010/02/26 08:07:32 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
    [2010/02/26 08:07:31 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
    [2010/02/26 08:07:31 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
    [2010/02/26 08:07:31 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
    [2010/02/26 08:07:29 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
    [2010/02/26 08:07:20 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
    [2010/02/26 08:07:18 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
    [2010/02/26 08:07:15 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
    [2010/02/26 08:07:15 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
    [2010/02/26 08:07:15 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
    [2010/02/26 08:07:15 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
    [2010/02/26 08:07:13 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
    [2010/02/26 08:07:11 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
    [2010/02/26 08:07:09 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
    [2010/02/26 08:07:07 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
    [2010/02/26 08:07:06 | 000,660,480 | ---- | C] () -- C:\Windows\SysNative\win32spl.dll
    [2010/02/26 08:07:05 | 000,439,808 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
    [2010/02/26 08:07:02 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
    [2010/02/26 08:07:00 | 000,334,336 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
    [2010/02/26 08:06:58 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
    [2010/02/26 08:06:58 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
    [2010/02/26 08:06:56 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
    [2010/02/26 08:06:54 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
    [2010/02/26 08:06:54 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
     
  15. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    [2010/02/26 08:06:53 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
    [2010/02/26 08:06:40 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
    [2010/02/26 08:05:58 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
    [2010/02/26 08:05:57 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
    [2010/02/26 08:05:51 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
    [2010/02/26 08:05:43 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
    [2010/02/26 08:05:42 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
    [2010/02/26 08:05:35 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
    [2010/02/26 08:05:32 | 000,273,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
    [2010/02/26 08:05:31 | 000,134,656 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
    [2010/02/26 08:05:28 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
    [2010/02/26 08:05:20 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
    [2010/02/26 08:05:18 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
    [2010/02/26 08:05:14 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
    [2010/02/26 08:05:14 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
    [2010/02/26 08:05:14 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
    [2010/02/26 08:05:14 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
    [2010/02/26 08:05:13 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
    [2010/02/26 08:05:13 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
    [2010/02/26 08:05:03 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
    [2010/02/26 08:05:03 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
    [2010/02/26 08:05:03 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
    [2010/02/26 08:05:03 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
    [2010/02/26 08:05:03 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
    [2010/02/26 08:05:03 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
    [2010/02/26 08:05:02 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
    [2010/02/26 08:05:02 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
    [2010/02/26 08:05:01 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
    [2010/02/26 08:04:48 | 002,452,872 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
    [2010/02/26 08:04:45 | 005,686,784 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2010/02/26 08:04:42 | 007,005,696 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2010/02/26 08:04:41 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2010/02/26 08:04:39 | 001,426,432 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2010/02/26 08:04:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2010/02/26 08:04:33 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
    [2010/02/26 08:04:29 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/02/26 08:04:29 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2010/02/26 08:04:29 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2010/02/26 08:04:28 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2010/02/26 08:04:25 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
    [2010/02/26 08:04:23 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/02/26 08:04:22 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
    [2010/02/26 08:04:20 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
    [2010/02/26 08:04:19 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2010/02/26 08:04:17 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2010/02/26 08:04:11 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2010/02/26 08:03:52 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
    [2010/02/26 08:03:44 | 001,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
    [2010/02/26 08:03:32 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
    [2010/02/26 08:03:31 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
    [2010/02/26 08:03:14 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
    [2010/02/26 08:03:14 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
    [2010/02/26 08:03:13 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
    [2010/02/26 08:03:12 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
    [2010/02/26 08:03:11 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
    [2010/02/26 08:03:10 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
    [2010/02/26 08:02:56 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
    [2010/02/26 08:01:43 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
    [2010/02/26 08:01:41 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
    [2010/02/26 08:01:39 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
    [2010/02/26 08:01:38 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
    [2010/02/26 08:01:36 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
    [2010/02/26 08:01:36 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
    [2010/02/26 08:01:36 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
    [2010/02/26 08:01:35 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
    [2010/02/26 08:01:30 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
    [2010/02/26 08:00:39 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
     
  16. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    [2010/02/26 08:00:35 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
    [2010/02/26 08:00:34 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
    [2010/02/26 08:00:30 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
    [2010/02/26 08:00:28 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
    [2010/02/26 08:00:27 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
    [2010/02/26 08:00:26 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
    [2010/02/26 08:00:15 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
    [2010/02/26 08:00:13 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
    [2010/02/26 08:00:13 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
    [2010/02/26 08:00:13 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
    [2010/02/26 08:00:11 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
    [2010/02/26 08:00:11 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
    [2010/02/26 08:00:04 | 012,897,792 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
    [2010/02/26 07:59:35 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
    [2010/02/26 07:59:34 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
    [2010/02/26 07:59:24 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll
    [2010/02/26 07:59:23 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2010/02/26 07:59:22 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll
    [2010/02/26 07:48:31 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/02/26 07:48:28 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
    [2010/02/26 07:48:28 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2010/02/26 07:46:48 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/02/26 07:40:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/02/26 01:18:48 | 000,001,726 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\CCleaner.lnk
    [2010/02/25 22:40:25 | 000,031,280 | R--- | C] () -- C:\Windows\SysNative\drivers\SymIMV.sys
    [2010/02/25 22:40:22 | 000,172,592 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2010/02/25 22:40:22 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2010/02/25 22:40:22 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2010/02/25 22:14:59 | 000,001,834 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NP200AA-ABA a6720y_YC_0Pavi_QMXU913_E91NAv6PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.09_T090304_WUH1_L409_M5887_J640_7AMD_8Phenom 9550 Quad-Core_92.2_#090414_N10DE0760_Z_G10DE0847.MRK
    [2010/02/25 22:14:59 | 000,001,834 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NP200AA-ABA a6720y_YC_0Pavi_QMXU913_E91NAv6PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.09_T090304_WUH1_L409_M5887_J640_7AMD_8Phenom 9550 Quad-Core_92.2_#090414_N10DE0760_Z_G10DE0847.MRK
    [2010/02/25 22:14:51 | 000,001,368 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 25 Prints.lnk
    [2010/02/25 22:14:33 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
    [2010/02/25 22:14:28 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
    [2010/02/25 22:14:28 | 000,001,562 | ---- | C] () -- C:\Users\Public\Desktop\Try Microsoft Office for 60 days.lnk
    [2010/02/25 22:14:04 | 001,048,576 | -HS- | C] () -- C:\Users\Mr Roboto\NTUSER.DAT
    [2010/02/25 22:14:04 | 000,524,288 | -HS- | C] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
    [2010/02/25 22:14:04 | 000,524,288 | -HS- | C] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/02/25 22:14:04 | 000,065,536 | -HS- | C] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/02/25 22:14:04 | 000,000,020 | -HS- | C] () -- C:\Users\Mr Roboto\ntuser.ini
    [2010/02/25 22:12:04 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
    [2010/02/25 22:12:04 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
    [2010/02/25 22:12:04 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
    [2010/02/25 22:12:04 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
    [2010/02/25 22:11:59 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
    [2010/02/25 22:11:59 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
    [2010/02/25 22:11:59 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
    [2010/02/25 22:11:40 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
    [2010/02/25 22:11:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
    [2009/02/11 08:44:49 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2009/02/11 08:44:49 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========
     
  17. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    [2010/02/25 22:38:59 | 000,000,000 | ---D | M] -- C:\Users\Mr Roboto\AppData\Roaming\PictureMover
    [2010/03/03 22:42:18 | 000,009,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
    [2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 03:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: EVENTLOG.DLL >
    [2007/05/17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

    < MD5 for: IASTORV.SYS >
    [2008/01/20 18:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 18:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
    [2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
    [2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 18:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
    [2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
    [2009/04/10 23:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/01/20 18:49:43 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
    [2008/01/20 18:49:43 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
    [2009/09/10 09:33:02 | 010,624,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 304 bytes -> C:\Users\Mr Roboto\Desktop\IMG_0443.JPG:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\Mr Roboto\Desktop\IMG_0442.JPG:Updt_SummaryInformation
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You're running Microsoft Security Essentials on top of Norton, so MSE has to go.
    Please, uninstall it.

    Other than that, OTL log looks good :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  19. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    The online scanner doesn't work and it says they are prepping a new version. Instead it gives me the option to use Kaspersky Internet Security free trial or Kaspersky Antivirus free trial...what should I do?

    Did the Temp File Cleaner.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    No problem...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  21. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    I ran the ESET scan...there was no list of threats or export to file...but it said there were no infected files or something of that nature. It checked out clean. Here is my new HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:08:28 AM, on 3/6/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Internet Explorer\ieuser.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    C:\Users\MRROBO~1\AppData\Local\Temp\Low\av.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9398 bytes
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :reg
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  23. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    System Look log...

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 17:52 on 07/03/2010 by Mr Roboto (Administrator - Elevation successful)

    ========== reg ==========

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer for HP TouchSmart"=""c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe""
    "DVDAgent"=""c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe""
    "HP Health Check Scheduler"="c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
    "HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe"
    "iTunesHelper"=""C:\Program Files (x86)\iTunes\iTunesHelper.exe""
    "KBD"="C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE"
    "QuickTime Task"=""C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime"
    "SunJavaUpdateSched"=""C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe""
    "TSMAgent"=""c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe""
    "UpdateP2GoShortCut"=""c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0""
    "UpdatePDIRShortCut"=""c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0""
    "UpdatePSTShortCut"=""c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter""


    -=End Of File=-
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please, re-run SystemLook with different code:

    Code:
    :regfind
    av.exe
    
     
  25. antweezy

    antweezy TS Rookie Topic Starter Posts: 48

    When I put in that code it just sits there....nothing seems to happen...should I just leave it and check it later...?
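
An added example, not part of the thread or of any tool named in it: a Python triage over trimmed excerpts of the HijackThis and SystemLook logs posted above, flagging processes that run from a temp directory and checking whether any listed autostart entry refers to them. The function names, the temp-path markers and the choice of HijackThis codes treated as autostarts are assumptions of this sketch.

```python
import ntpath
import re

# Trimmed excerpts of the logs posted in this thread (not the full logs).
HIJACKTHIS_LOG = r'''
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MRROBO~1\AppData\Local\Temp\Low\av.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
'''

SYSTEMLOOK_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe"
"iTunesHelper"=""C:\Program Files (x86)\iTunes\iTunesHelper.exe""
"QuickTime Task"=""C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime"
'''

# Assumption: HijackThis sections treated as autostart locations in this sketch.
# F2 = ini-mapped registry autoloads, O4 = Run keys / Startup folders, O23 = services.
AUTOSTART_CODES = {"F2", "O4", "O23"}

# Assumption: directory fragments that mark a temp location (compared lower-case).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                "\\temporary internet files\\")

# A drive-rooted path ending in an executable extension, quoted or not.
EXE_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|com|scr|dll|sys)(?=["\s,]|$)',
    re.IGNORECASE)
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_hijackthis(text):
    """Return (running process paths, autostart entry texts)."""
    processes, autostarts = [], []
    in_procs = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m and m.group(1) in AUTOSTART_CODES:
                autostarts.append(m.group(2))
    return processes, autostarts


def parse_systemlook_run(text):
    """Return {value name: command} from a SystemLook :reg dump of a Run key."""
    values = {}
    for line in (raw.strip() for raw in text.splitlines()):
        m = RUN_VALUE_RE.match(line)
        if m:
            values[m.group(1)] = m.group(2)
    return values


def is_temp_path(path):
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def triage(hijackthis_text, systemlook_text=""):
    """Flag temp-dir processes and note whether any autostart names the file."""
    processes, autostarts = parse_hijackthis(hijackthis_text)
    commands = autostarts + list(parse_systemlook_run(systemlook_text).values())
    autostart_names = {ntpath.basename(path).lower()
                       for command in commands
                       for path in EXE_RE.findall(command)}
    findings = []
    for proc in processes:
        if is_temp_path(proc):
            name = ntpath.basename(proc).lower()
            findings.append({"process": proc,
                             "autostart_reference": name in autostart_names})
    return findings


if __name__ == "__main__":
    for finding in triage(HIJACKTHIS_LOG, SYSTEMLOOK_LOG):
        print(finding)
```

A flagged process with no autostart reference is neither proof of infection nor of a clean system; it only shows that the listed Run entries do not account for how that file was started.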
     
Topic Status:
Not open for further replies.
