Solved My hijackthis log - vista antivirus 2010


antweezy

Thanks for any and all help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:28 AM, on 3/6/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Users\MRROBO~1\AppData\Local\Temp\Low\av.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9398 bytes
 
MalWare Bytes Log
Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/6/2010 10:19:46 AM
mbam-log-2010-03-06 (10-19-43).txt

Scan type: Quick Scan
Objects scanned: 97026
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SuperAntiSpyware Log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/06/2010 at 11:00 AM

Application Version : 4.34.1000

Core Rules Database Version : 4596
Trace Rules Database Version: 1978

Scan type : Quick Scan
Total Scan Time : 00:32:43

Memory items scanned : 490
Memory threats detected : 0
Registry items scanned : 209
Registry threats detected : 0
File items scanned : 33503
File threats detected : 0
 
 
Caught Vista Antivirus 2010...can't seem to shake it...closed it off the task manager so it isn't currently running I don't think...and computer is running sluggish since it hit me.
 
Malwarebytes should have taken care of it, but let's check some more....

Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log.
 
It says that there aren't any system modifications...but I've heard that if I restart my comp Vista Antivirus 2010 comes back...is that true?
 
No. Your computer should be pretty much clean.
GMER result is good.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 3/6/2010 5:01:39 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Mr Roboto\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 37.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.97 Gb Total Space | 517.22 Gb Free Space | 88.72% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.80 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MRROBOTO
Current User Name: Mr Roboto
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/06 17:00:55 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Roboto\Desktop\OTL.exe
PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/26 16:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/20 13:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/10 07:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2008/10/17 16:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 16:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/08 15:12:40 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2008/08/28 20:09:08 | 000,133,648 | ---- | M] (Microsoft Corp.) -- c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
PRC - [2008/08/25 03:57:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/01/20 18:50:38 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/06 17:00:55 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Roboto\Desktop\OTL.exe
MOD - [2008/01/20 18:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/01/20 13:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/07/27 10:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/03 22:43:53 | 000,000,000 | ---D | M]
 
O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
 
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Templates
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Start Menu
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\SendTo
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Recent
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\PrintHood
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\NetHood
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Documents\My Videos
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Documents\My Pictures
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Documents\My Music
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\My Documents
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Local Settings
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\AppData\Local\History
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Cookies
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\Application Data
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\AppData\Local\Application Data
[2010/02/25 22:14:04 | 000,000,000 | -H-D | C] -- C:\Users\Mr Roboto\AppData
[2010/02/25 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Temp
[2010/02/25 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Microsoft
[2010/02/25 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Media Center Programs
[2010/02/25 22:11:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/02/25 22:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/02/25 22:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/02/25 22:11:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/02/25 22:11:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010/02/25 22:10:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/02/25 22:01:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 14 Days ==========

[2010/03/06 17:03:45 | 001,048,576 | -HS- | M] () -- C:\Users\Mr Roboto\NTUSER.DAT
[2010/03/06 17:00:55 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Roboto\Desktop\OTL.exe
[2010/03/06 16:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/06 16:46:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/06 16:46:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/06 10:08:44 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/06 10:08:38 | 002,202,366 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\Cat.DB
[2010/03/06 01:40:20 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/03/06 00:54:40 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/03/06 00:52:34 | 000,000,335 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\FixExe.reg
[2010/03/06 00:14:31 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/06 00:08:20 | 000,001,930 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\HijackThis.lnk
[2010/03/03 22:48:10 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/03 22:48:10 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/03 22:48:10 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/03 22:43:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/03 22:42:21 | 000,524,288 | -HS- | M] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/03 22:42:21 | 000,065,536 | -HS- | M] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/03 22:42:10 | 001,158,495 | -H-- | M] () -- C:\Users\Mr Roboto\AppData\Local\IconCache.db
[2010/03/02 22:51:05 | 000,193,241 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\Orlando_Bloom.jpg
[2010/03/02 13:48:18 | 000,148,844 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\IMG_0443.JPG
[2010/03/02 13:47:56 | 000,119,411 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\IMG_0442.JPG
[2010/03/02 13:43:01 | 000,101,176 | ---- | M] () -- C:\Users\Mr Roboto\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/02 13:42:30 | 000,364,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/27 08:56:57 | 000,000,680 | ---- | M] () -- C:\Users\Mr Roboto\AppData\Local\d3d9caps.dat
[2010/02/27 00:48:42 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/02/26 16:01:17 | 000,172,592 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/02/26 16:01:17 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/02/26 16:01:17 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/02/26 16:00:57 | 000,583,296 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys
[2010/02/26 16:00:57 | 000,334,384 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys
[2010/02/26 16:00:55 | 000,009,412 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symnetv.cat
[2010/02/26 16:00:55 | 000,007,362 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.CAT
[2010/02/26 16:00:55 | 000,001,481 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymNetV.inf
[2010/02/26 16:00:55 | 000,000,640 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.inf
[2010/02/26 16:00:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\isolate.ini
[2010/02/26 07:48:31 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/26 07:46:48 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/26 07:40:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/02/26 01:23:30 | 000,524,288 | -HS- | M] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/02/26 01:18:48 | 000,001,726 | ---- | M] () -- C:\Users\Mr Roboto\Desktop\CCleaner.lnk
[2010/02/25 22:15:06 | 000,001,834 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NP200AA-ABA a6720y_YC_0Pavi_QMXU913_E91NAv6PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.09_T090304_WUH1_L409_M5887_J640_7AMD_8Phenom 9550 Quad-Core_92.2_#090414_N10DE0760_Z_G10DE0847.MRK
[2010/02/25 22:15:06 | 000,001,834 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NP200AA-ABA a6720y_YC_0Pavi_QMXU913_E91NAv6PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.09_T090304_WUH1_L409_M5887_J640_7AMD_8Phenom 9550 Quad-Core_92.2_#090414_N10DE0760_Z_G10DE0847.MRK
[2010/02/25 22:14:51 | 000,001,368 | ---- | M] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 25 Prints.lnk
[2010/02/25 22:14:04 | 000,000,020 | -HS- | M] () -- C:\Users\Mr Roboto\ntuser.ini
[2010/02/25 22:09:43 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========
 
========== Files/Folders - Created Within 14 Days ==========

[2010/03/06 17:00:45 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\Mr Roboto\Desktop\OTL.exe
[2010/03/06 10:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/06 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\SUPERAntiSpyware.com
[2010/03/06 10:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/03/06 10:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/03/06 03:02:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/06 01:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/03/06 01:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/03/06 01:03:02 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Threat Expert
[2010/03/06 00:56:25 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/03/06 00:56:24 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/03/06 00:56:24 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/03/06 00:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/03/06 00:54:24 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\PC Tools
[2010/03/06 00:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/03/06 00:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/03/06 00:14:32 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Malwarebytes
[2010/03/06 00:14:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/06 00:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/06 00:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/06 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/02 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Picture It! 9
[2010/02/27 09:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/02/27 09:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/02/26 15:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/02/26 07:48:34 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Apple Computer
[2010/02/26 07:48:34 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Apple Computer
[2010/02/26 07:48:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/02/26 07:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/26 07:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/26 07:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/02/26 07:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/02/26 07:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/26 07:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/02/26 07:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/02/26 07:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/02/26 07:46:28 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Apple
[2010/02/26 07:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/02/26 07:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/26 07:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/02/26 07:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/02/26 01:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/02/25 22:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/02/25 22:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/25 22:39:45 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Macromedia
[2010/02/25 22:39:43 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Adobe
[2010/02/25 22:39:02 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Hewlett-Packard
[2010/02/25 22:38:49 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\PictureMover
[2010/02/25 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\Hewlett-Packard
[2010/02/25 22:38:33 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Searches
[2010/02/25 22:38:26 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\Identities
[2010/02/25 22:38:23 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Contacts
[2010/02/25 22:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/02/25 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Roaming\HP TCS
[2010/02/25 22:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/02/25 22:14:07 | 000,000,000 | ---D | C] -- C:\Users\Mr Roboto\AppData\Local\VirtualStore
[2010/02/25 22:14:04 | 000,000,000 | --SD | C] -- C:\Users\Mr Roboto\AppData\Roaming\Microsoft
[2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Videos
[2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Saved Games
[2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Pictures
[2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Music
[2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Links
[2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Favorites
[2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Downloads
[2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Documents
[2010/02/25 22:14:04 | 000,000,000 | R--D | C] -- C:\Users\Mr Roboto\Desktop
[2010/02/25 22:14:04 | 000,000,000 | -HSD | C] -- C:\Users\Mr Roboto\AppData\Local\Temporary Internet Files

[2010/03/06 10:08:44 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/06 01:43:29 | 000,212,864 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/03/06 01:40:20 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/03/06 00:56:25 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/03/06 00:56:25 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/03/06 00:56:25 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/03/06 00:56:25 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/03/06 00:56:24 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/03/06 00:54:47 | 000,306,648 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/03/06 00:54:47 | 000,133,072 | ---- | C] () -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/03/06 00:54:47 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/03/06 00:54:42 | 000,218,056 | ---- | C] () -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/03/06 00:54:42 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/03/06 00:54:40 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/03/06 00:54:36 | 000,092,896 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/03/06 00:54:36 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/03/06 00:54:26 | 000,418,048 | ---- | C] () -- C:\Users\Mr Roboto\AppData\Local\dd_vcredistMSI34A4.txt
[2010/03/06 00:54:26 | 000,014,762 | ---- | C] () -- C:\Users\Mr Roboto\AppData\Local\dd_vcredistUI34A7.txt
[2010/03/06 00:54:25 | 000,015,542 | ---- | C] () -- C:\Users\Mr Roboto\AppData\Local\dd_vcredistUI34A4.txt
[2010/03/06 00:52:34 | 000,000,335 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\FixExe.reg
[2010/03/06 00:14:31 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/06 00:14:22 | 000,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/06 00:08:20 | 000,001,930 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\HijackThis.lnk
[2010/03/02 22:51:04 | 000,193,241 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\Orlando_Bloom.jpg
[2010/03/02 13:34:44 | 000,148,844 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\IMG_0443.JPG
[2010/03/02 13:34:42 | 000,119,411 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\IMG_0442.JPG
[2010/02/27 10:28:25 | 004,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/02/27 09:24:57 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2010/02/27 09:24:52 | 000,052,760 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/02/27 09:24:52 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2010/02/27 09:24:51 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2010/02/27 09:24:50 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2010/02/27 09:24:49 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2010/02/27 09:24:42 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2010/02/27 09:24:39 | 000,357,904 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/02/27 09:16:29 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/02/27 09:16:03 | 000,112,120 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/02/27 09:15:51 | 000,406,528 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/02/27 09:15:44 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2010/02/27 09:15:39 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2010/02/27 09:02:09 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/02/27 09:01:49 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/02/27 09:01:48 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/02/27 08:56:57 | 000,000,680 | ---- | C] () -- C:\Users\Mr Roboto\AppData\Local\d3d9caps.dat
[2010/02/26 08:08:32 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/02/26 08:08:32 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2010/02/26 08:08:32 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2010/02/26 08:08:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2010/02/26 08:08:31 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2010/02/26 08:08:31 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2010/02/26 08:08:31 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2010/02/26 08:08:30 | 000,648,704 | ---- | C] () -- C:\Windows\SysNative\netapi32.dll
[2010/02/26 08:08:16 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/02/26 08:08:11 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/02/26 08:08:07 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/02/26 08:07:42 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll
[2010/02/26 08:07:41 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/02/26 08:07:40 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/02/26 08:07:40 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/26 08:07:40 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/02/26 08:07:40 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/02/26 08:07:40 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/26 08:07:39 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/02/26 08:07:39 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/02/26 08:07:39 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/02/26 08:07:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/02/26 08:07:33 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/02/26 08:07:32 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/02/26 08:07:31 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/02/26 08:07:31 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/02/26 08:07:31 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
[2010/02/26 08:07:29 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/02/26 08:07:20 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/26 08:07:18 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/26 08:07:15 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/02/26 08:07:15 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/02/26 08:07:15 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/02/26 08:07:15 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/02/26 08:07:13 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2010/02/26 08:07:11 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2010/02/26 08:07:09 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/02/26 08:07:07 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2010/02/26 08:07:06 | 000,660,480 | ---- | C] () -- C:\Windows\SysNative\win32spl.dll
[2010/02/26 08:07:05 | 000,439,808 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/02/26 08:07:02 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/02/26 08:07:00 | 000,334,336 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/02/26 08:06:58 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/02/26 08:06:58 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/02/26 08:06:56 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2010/02/26 08:06:54 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2010/02/26 08:06:54 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2010/02/26 08:06:53 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
[2010/02/26 08:06:40 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/02/26 08:05:58 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/02/26 08:05:57 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/02/26 08:05:51 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/02/26 08:05:43 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/02/26 08:05:42 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010/02/26 08:05:35 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2010/02/26 08:05:32 | 000,273,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/02/26 08:05:31 | 000,134,656 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/02/26 08:05:28 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/02/26 08:05:20 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/02/26 08:05:18 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2010/02/26 08:05:14 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2010/02/26 08:05:14 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2010/02/26 08:05:14 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2010/02/26 08:05:14 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/02/26 08:05:13 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2010/02/26 08:05:13 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2010/02/26 08:05:03 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/26 08:05:03 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/02/26 08:05:03 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/02/26 08:05:03 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/26 08:05:03 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/26 08:05:03 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/26 08:05:02 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/26 08:05:02 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/26 08:05:01 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/02/26 08:04:48 | 002,452,872 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2010/02/26 08:04:45 | 005,686,784 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/02/26 08:04:42 | 007,005,696 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/02/26 08:04:41 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/02/26 08:04:39 | 001,426,432 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/02/26 08:04:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/02/26 08:04:33 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/02/26 08:04:29 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/02/26 08:04:29 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/02/26 08:04:29 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/02/26 08:04:28 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/02/26 08:04:25 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/02/26 08:04:23 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/02/26 08:04:22 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/02/26 08:04:20 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/02/26 08:04:19 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/02/26 08:04:17 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/02/26 08:04:11 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/02/26 08:03:52 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/02/26 08:03:44 | 001,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/02/26 08:03:32 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2010/02/26 08:03:31 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2010/02/26 08:03:14 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2010/02/26 08:03:14 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2010/02/26 08:03:13 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2010/02/26 08:03:12 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2010/02/26 08:03:11 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2010/02/26 08:03:10 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2010/02/26 08:02:56 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2010/02/26 08:01:43 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2010/02/26 08:01:41 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2010/02/26 08:01:39 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2010/02/26 08:01:38 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2010/02/26 08:01:36 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2010/02/26 08:01:36 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2010/02/26 08:01:36 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2010/02/26 08:01:35 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2010/02/26 08:01:30 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/02/26 08:00:39 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
 
[2010/02/26 08:00:35 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
[2010/02/26 08:00:34 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
[2010/02/26 08:00:30 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2010/02/26 08:00:28 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2010/02/26 08:00:27 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2010/02/26 08:00:26 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2010/02/26 08:00:15 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2010/02/26 08:00:13 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2010/02/26 08:00:13 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2010/02/26 08:00:13 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2010/02/26 08:00:11 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2010/02/26 08:00:11 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2010/02/26 08:00:04 | 012,897,792 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/02/26 07:59:35 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
[2010/02/26 07:59:34 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
[2010/02/26 07:59:24 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2010/02/26 07:59:23 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2010/02/26 07:59:22 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll
[2010/02/26 07:48:31 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/26 07:48:28 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
[2010/02/26 07:48:28 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/02/26 07:46:48 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/26 07:40:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/02/26 01:18:48 | 000,001,726 | ---- | C] () -- C:\Users\Mr Roboto\Desktop\CCleaner.lnk
[2010/02/25 22:40:25 | 000,031,280 | R--- | C] () -- C:\Windows\SysNative\drivers\SymIMV.sys
[2010/02/25 22:40:22 | 000,172,592 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/02/25 22:40:22 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/02/25 22:40:22 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/02/25 22:14:59 | 000,001,834 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NP200AA-ABA a6720y_YC_0Pavi_QMXU913_E91NAv6PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.09_T090304_WUH1_L409_M5887_J640_7AMD_8Phenom 9550 Quad-Core_92.2_#090414_N10DE0760_Z_G10DE0847.MRK
[2010/02/25 22:14:59 | 000,001,834 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NP200AA-ABA a6720y_YC_0Pavi_QMXU913_E91NAv6PrA1_49_IVIOLET_SPEGATRON CORPORATION_V3.02_B5.09_T090304_WUH1_L409_M5887_J640_7AMD_8Phenom 9550 Quad-Core_92.2_#090414_N10DE0760_Z_G10DE0847.MRK
[2010/02/25 22:14:51 | 000,001,368 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 25 Prints.lnk
[2010/02/25 22:14:33 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2010/02/25 22:14:28 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/02/25 22:14:28 | 000,001,562 | ---- | C] () -- C:\Users\Public\Desktop\Try Microsoft Office for 60 days.lnk
[2010/02/25 22:14:04 | 001,048,576 | -HS- | C] () -- C:\Users\Mr Roboto\NTUSER.DAT
[2010/02/25 22:14:04 | 000,524,288 | -HS- | C] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/02/25 22:14:04 | 000,524,288 | -HS- | C] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/02/25 22:14:04 | 000,065,536 | -HS- | C] () -- C:\Users\Mr Roboto\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/02/25 22:14:04 | 000,000,020 | -HS- | C] () -- C:\Users\Mr Roboto\ntuser.ini
[2010/02/25 22:12:04 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010/02/25 22:12:04 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010/02/25 22:12:04 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010/02/25 22:12:04 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010/02/25 22:11:59 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010/02/25 22:11:59 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010/02/25 22:11:59 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010/02/25 22:11:40 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010/02/25 22:11:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009/02/11 08:44:49 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/02/11 08:44:49 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========
 
[2010/02/25 22:38:59 | 000,000,000 | ---D | M] -- C:\Users\Mr Roboto\AppData\Roaming\PictureMover
[2010/03/03 22:42:18 | 000,009,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 18:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 18:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 18:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/10 23:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 18:49:43 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2008/01/20 18:49:43 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009/09/10 09:33:02 | 010,624,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Users\Mr Roboto\Desktop\IMG_0443.JPG:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Mr Roboto\Desktop\IMG_0442.JPG:Updt_SummaryInformation
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >
 
You're running Microsoft Security Essentials on top of Norton, so MSE has to go.
Please, uninstall it.

Other than that, OTL log looks good :)

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.


2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Post fresh HijackThis log as well.
 
The online scanner doesn't work and it says they are prepping a new version. Instead it gives me the option to use Kaspersky Internet Security free trial or Kaspersky Antivirus free trial... what should I do?

Did the Temp File Cleaner.
 
No problem...

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
I ran the ESET scan... there was no list of threats or export to file... but it said there were no infected files or something of that nature. It checked out clean. Here is my new HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:28 AM, on 3/6/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Users\MRROBO~1\AppData\Local\Temp\Low\av.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9398 bytes
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
System Look log...

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:52 on 07/03/2010 by Mr Roboto (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer for HP TouchSmart"=""c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe""
"DVDAgent"=""c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe""
"HP Health Check Scheduler"="c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"hpsysdrv"="c:\hp\support\hpsysdrv.exe"
"iTunesHelper"=""C:\Program Files (x86)\iTunes\iTunesHelper.exe""
"KBD"="C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE"
"QuickTime Task"=""C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime"
"SunJavaUpdateSched"=""C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe""
"TSMAgent"=""c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe""
"UpdateP2GoShortCut"=""c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0""
"UpdatePDIRShortCut"=""c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0""
"UpdatePSTShortCut"=""c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter""


-=End Of File=-
 
When I put in that code it just sits there... nothing seems to happen... should I just leave it and check it later...?
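
A cross-check of the HijackThis log and the Run-key lookup in this thread, as an added example that is not part of the original posts or of any tool named in them: it parses a HijackThis log, lists running processes that execute from a Temp directory, and reports whether any O4 (autostart) or O23 (service) entry points at them. The function names and the Temp-directory heuristic are assumptions of this example; the sample is a shortened excerpt of the log posted above.

```python
import re

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MRROBO~1\AppData\Local\Temp\Low\av.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
"""

# "O4 - ...", "R0 - ...", "O23 - ..." style entry lines.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First drive-letter path ending in .exe, quoted or not.
EXE_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)


def parse_hijackthis(text):
    """Return (running_processes, entries) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def autostart_targets(entries):
    """Lower-cased executable paths referenced by O4 and O23 entries."""
    targets = set()
    for code, rest in entries:
        if code in ("O4", "O23"):
            match = EXE_RE.search(rest)
            if match:                 # %ProgramFiles%-style values are skipped
                targets.add(match.group(0).lower())
    return targets


def is_temp_path(path):
    """True when any directory component of the path is Temp or Tmp."""
    parts = path.lower().split("\\")
    return any(part in ("temp", "tmp") for part in parts[:-1])


def temp_processes(text):
    """List (path, has_autostart_entry) for processes running from Temp.

    Limitation: paths are compared as written, so an 8.3 short name
    (MRROBO~1) will not match the same file listed under its long name.
    """
    processes, entries = parse_hijackthis(text)
    targets = autostart_targets(entries)
    return [(p, p.lower() in targets) for p in processes if is_temp_path(p)]


if __name__ == "__main__":
    for path, has_entry in temp_processes(SAMPLE_LOG):
        state = "has" if has_entry else "has no"
        print(f"{path}: runs from Temp, {state} O4/O23 entry in this log")
```

On the excerpt, the one process running from a Temp directory has no O4 or O23 entry pointing at it, which agrees with the SystemLook output above showing no such value under HKLM Run.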
 