TechSpot

Possible Virus, Internet connected but unable to use it

By KenBrown2
Jun 17, 2011
  1. Hello,

    I have yet another issue that I cannot solve, and I was hoping you guys could help me! You've helped so much with my computer, now my wife needs help with hers!

    Basically, she has a gateway laptop loaded with Windows Vista that has been having internet trouble for a while now. For a good few months, the wireless internet has been touch and go. At first we could restart it, and be able to connect...Or even perform a diagnose and repair. But, last night after countless restarts and some tweaking, still no internet. Now it says it is connected, but I cannot use the internet through any application. Also, when I try to diagnose and repair, it says it can't find anything wrong with it.

    I am at a loss, and I thought that maybe it is a virus. And if not, maybe someone here can help. You guys have been awesome in the past, and I have complete faith in you.

    I ran the initial scans, and I will post them as replies to this message.

    Thanks!
    Ken
     
  2. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Malewarebytes:


    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6705

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19088

    6/16/2011 10:28:46 PM
    mbam-log-2011-06-16 (22-28-46).txt

    Scan type: Quick scan
    Objects scanned: 163876
    Time elapsed: 6 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER:

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-16 23:19:12
    Windows 6.0.6002 Service Pack 2
    Running: u8kqkj1h.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2f66c76
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x91 0x01 0xD2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0x58 0xD9 0xA8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x31 0x1F 0x15 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2f66c76 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x91 0x01 0xD2 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0x58 0xD9 0xA8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x31 0x1F 0x15 ...

    ---- EOF - GMER 1.0.15 ----



    DDS:
    .
    DDS (Ver_2011-06-12.02) - NTFSAMD64
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22
    Run by Owner at 23:19:31 on 2011-06-16
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3960.2270 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Acer\Preload\Command\AlaunchX\AlaunchX.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\ehome\ehtray.exe
    C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.livingston.org/
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [SmileboxTray] "C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe"
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
    mRun: [eRecoveryService]
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [hpqSRMon]
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
    mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
    TCP: Interfaces\{7C7D86A6-5962-483F-89BB-ED5F19941C31} : DhcpNameServer = 167.206.245.130 167.206.245.129
    TCP: Interfaces\{9AC1704F-5238-42FA-AC76-6A1EF6B6BD72} : DhcpNameServer = 167.206.245.130 167.206.245.129
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
    BHO-X64: ooVoo Toolbar - No File
    BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    BHO-X64: NCO 2.0 IE BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
    mRun-x64: [eRecoveryService]
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [hpqSRMon]
    mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRunOnce-x64: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
    mRunOnce-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.oovoostart.com/s/?src=FF-Address&site=Bing&cfg=2-201-0-0&engine_id=1&provider_id=1&product_id=201&country=US&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency.dll
    FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.5.dll
    FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.6.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20090709.001\IDSvia64.sys [2009-7-10 370224]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-6-16 40384]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 21504]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
    R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS --> C:\Windows\system32\Drivers\SYMNDISV.SYS [?]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-6-16 40384]
    S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-6-16 40384]
    S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-5-11 131632]
    S3 NETwNv64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-7-29 20376]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-19 89920]
    S4 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-4 24576]
    S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-4 135664]
    S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-4 135664]
    S4 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE [2008-2-17 149352]
    S4 Symantec Core LC;Symantec Core LC;C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-9-3 1245064]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-06-17 02:20:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2011-06-17 02:20:33 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-17 02:20:32 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-06-17 02:20:28 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-17 02:20:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-06-17 00:50:44 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-06-17 00:50:05 38848 ----a-w- C:\Windows\avastSS.scr
    2011-06-17 00:49:53 -------- d-----w- C:\ProgramData\Alwil Software
    2011-06-16 11:09:41 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66A6601A-D8B8-45BE-9CAD-116EE98825EF}\mpengine.dll
    2011-06-16 02:10:31 0 ---ha-w- C:\Users\Owner\AppData\Local\BIT79D1.tmp
    2011-06-16 01:12:05 0 ---ha-w- C:\Users\Owner\AppData\Local\BIT6892.tmp
    2011-05-29 16:15:06 0 ---ha-w- C:\Users\Owner\AppData\Local\BITFA17.tmp
    .
    ==================== Find3M ====================
    .
    2011-05-28 06:28:00 1147904 ----a-w- C:\Windows\System32\wininet.dll
    2011-05-28 06:24:04 56832 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-05-28 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-05-28 06:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll
    2011-05-28 06:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll
    2011-05-28 06:08:58 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-05-28 06:04:30 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-05-28 06:04:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-05-28 06:04:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2011-05-28 06:04:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2011-05-28 05:33:37 479232 ----a-w- C:\Windows\System32\html.iec
    2011-05-28 05:10:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
    2011-05-28 04:53:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
    2011-05-28 04:52:18 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-05-28 04:33:03 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2011-05-28 04:31:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-05-18 13:56:59 2762752 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-02 17:16:14 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-05-02 17:13:21 975360 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-04-29 13:41:02 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 13:40:56 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-29 13:39:34 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-29 13:39:34 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-29 13:39:31 107008 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-21 14:20:24 405504 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-14 15:14:19 97792 ----a-w- C:\Windows\System32\drivers\dfsc.sys
    .
    ============= FINISH: 23:20:35.86 ===============


    Attach:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/4/2008 4:20:18 AM
    System Uptime: 6/16/2011 8:38:11 PM (3 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | uFCPGA2 | 800/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 144 GiB total, 67.696 GiB free.
    D: is FIXED (NTFS) - 144 GiB total, 143.773 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: HP Photosmart C6300
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Hewlett-Packard
    Name: HP Photosmart C6300
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C6300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Deskjet F4500 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    AppCore
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    AviSynth 2.5
    Backup
    BufferChm
    C6300
    C6300_Help
    Camera Assistant Software for Gateway
    Cards_Calendar_OrderGift_DoMorePlugout
    ccCommon
    Cisco Network Magic
    Compatibility Pack for the 2007 Office system
    Copy
    Coupon Printer for Windows
    CustomerResearchQFolder
    CyberLink LabelPrint
    CyberLink Power2Go
    Destinations
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_AIO_06_F4500_SW_MIN
    DocProc
    DocProcQFolder
    DriverBoost
    eSupportQFolder
    F4500
    FlipShare
    Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
    Gateway Games
    Gateway Recovery Management
    GearDrvs
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Photo Creations
    HP Photosmart Essential 2.5
    HP Update
    HPPhotoGadget
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    K-Lite Codec Pack 6.4.0 (Basic)
    LiveUpdate (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MarketResearch
    Marvell Miniport Driver
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.8)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Napster
    Napster Burn Engine
    Network Magic
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 HTMLHelp
    Norton Confidential Core
    ooVoo
    ooVoo Toolbar
    PanoStandAlone
    PS_AIO_04_C6300_ProductContext
    PS_AIO_04_C6300_Software
    PS_AIO_04_C6300_Software_Min
    PSSWCORE
    Pure Networks Platform
    QuickTime
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SmartWebPrinting
    Smilebox
    SolutionCenter
    Status
    Symantec Technical Support Controls
    System Requirements Lab for Intel
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VideoToolkit01
    VLC media player 0.9.2
    WebEx Support Manager for Internet Explorer
    WebReg
    Wii Video 9 6
    Windows Live Messenger
    WinRAR archiver
    WinZip 14.5
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/16/2011 7:24:18 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 00215D40C41C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    6/16/2011 7:09:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    6/16/2011 7:09:52 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/16/2011 7:05:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    You're running two AV programs, Norton and Avast.
    One of them has to go.
    If Norton, make sure to use this tool to uninstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    Then...

    Can you get ethernet cable and see, if wired connection will work?
    Also, see if the connection works in Safe Mode with Networking.

    Lastly...

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size
    Click Go and post the result.
     
  4. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Broni,

    Thank you for your assistance! I have uninstalled Avast, and I have tried using an ethernet cable and booting into safe mode with networking..but no luck. I could not use the internet with either. Below you will find the results of mini tool box.

    Results:


    MiniToolBox by Farbar
    Ran by Owner (administrator) on 18-06-2011 at 10:51:33
    Windows (TM) Vista Home Premium Service Pack 2 (X64)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================
    =============== Hosts content: ============================================

    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    ::1 localhost

    =============== End of Hosts ==============================================

    ================= IP Configuration: =======================================

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Owner-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
    Physical Address. . . . . . . . . : 00-E0-B8-FD-93-D9
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
    Physical Address. . . . . . . . . : 00-21-5D-40-C4-1C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::a0f3:9220:6649:70f4%10(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Saturday, June 18, 2011 10:42:16 AM
    Lease Expires . . . . . . . . . . : Sunday, June 19, 2011 10:42:15 AM
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 268441322
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-78-DD-EC-00-E0-B8-FD-93-D9
    DNS Servers . . . . . . . . . . . : 167.206.245.130
    167.206.245.129
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 6:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : 6TO4 Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 7:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{9AC1704F-5238-42FA-AC76-6A1EF6B6BD72}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 14:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{7C7D86A6-5962-483F-89BB-ED5F19941C31}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: vdns2.srv.prnynj.cv.net
    Address: 167.206.245.130

    Name: google.com
    Addresses: 74.125.91.106
    74.125.91.147
    74.125.91.104
    74.125.91.99
    74.125.91.105
    74.125.91.103



    Pinging google.com [74.125.91.105] with 32 bytes of data:

    Reply from 74.125.91.105: bytes=32 time=32ms TTL=52

    Reply from 74.125.91.105: bytes=32 time=27ms TTL=52



    Ping statistics for 74.125.91.105:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 27ms, Maximum = 32ms, Average = 29ms

    Server: vdns2.srv.prnynj.cv.net
    Address: 167.206.245.130

    Name: yahoo.com
    Addresses: 69.147.125.65
    72.30.2.43
    98.137.149.56
    209.191.122.70
    67.195.160.76



    Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

    Reply from 69.147.125.65: bytes=32 time=20ms TTL=55

    Reply from 69.147.125.65: bytes=32 time=21ms TTL=55



    Ping statistics for 69.147.125.65:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 20ms, Maximum = 21ms, Average = 20ms



    Pinging 127.0.0.1 with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    11 ...00 e0 b8 fd 93 d9 ...... Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
    10 ...00 21 5d 40 c4 1c ...... Intel(R) WiFi Link 5100 AGN
    1 ........................... Software Loopback Interface 1
    12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
    15 ...00 00 00 00 00 00 00 e0 isatap.{9AC1704F-5238-42FA-AC76-6A1EF6B6BD72}
    13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
    14 ...00 00 00 00 00 00 00 e0 isatap.{7C7D86A6-5962-483F-89BB-ED5F19941C31}
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.103 281
    192.168.1.103 255.255.255.255 On-link 192.168.1.103 281
    192.168.1.255 255.255.255.255 On-link 192.168.1.103 281
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.103 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.103 281
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    10 281 fe80::/64 On-link
    10 281 fe80::a0f3:9220:6649:70f4/128
    On-link
    1 306 ff00::/8 On-link
    10 281 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None

    ================= End of IP Configuration =================================

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (06/18/2011 10:42:38 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 10:37:50 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 10:37:29 AM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (06/18/2011 10:34:17 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 10:03:07 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/17/2011 08:09:12 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/16/2011 08:39:52 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/16/2011 08:36:10 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/16/2011 07:32:30 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/16/2011 07:17:50 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (06/18/2011 10:37:51 AM) (Source: Service Control Manager) (User: )
    Description: eeCtrl
    spldr
    sptd
    SRTSPX
    SYMTDI
    Wanarpv6

    Error: (06/18/2011 10:37:51 AM) (Source: Service Control Manager) (User: )
    Description: Computer BrowserServer%%1068

    Error: (06/18/2011 10:37:42 AM) (Source: DCOM) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (06/18/2011 10:37:40 AM) (Source: DCOM) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (06/18/2011 10:37:32 AM) (Source: DCOM) (User: )
    Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

    Error: (06/18/2011 10:37:29 AM) (Source: DCOM) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (06/18/2011 10:37:20 AM) (Source: DCOM) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (06/18/2011 10:36:36 AM) (Source: sptd) (User: )
    Description: Driver detected an internal error in its data structures for .

    Error: (06/18/2011 10:33:36 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 10:29:16 AM on 6/18/2011 was unexpected.

    Error: (06/18/2011 10:13:53 AM) (Source: DCOM) (User: )
    Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}


    Microsoft Office Sessions:
    =========================

    ========================= End of Event log errors =========================

    ========================= Memory info: ====================================

    Percentage of memory in use: 36%
    Total physical RAM: 3960 MB
    Available physical RAM: 2532.04 MB
    Total Pagefile: 8099.28 MB
    Available Pagefile: 6601.23 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 4013.93 MB

    ======================= Partitions: =======================================

    1 Drive c: (OS) (Fixed) (Total:144.04 GB) (Free:64.86 GB) NTFS
    2 Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.7 GB) NTFS
    4 Drive f: () (Removable) (Total:1.87 GB) (Free:1.81 GB) FAT

    ================= Users: ==================================================

    User accounts for \\OWNER-PC

    -------------------------------------------------------------------------------
    Administrator Guest Owner
    The command completed successfully.

    ================= End of Users ============================================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Your connection is perfectly fine ("ping" works), so, something must be blocking your browsers.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Broni,

    Internet still not working...but here are the log files. Also, I did not post the MBR.dat file, because I don't know what program to open it with.

    Thanks!

    aswMBR:


    aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-18 14:07:03
    -----------------------------
    14:07:03.897 OS Version: Windows x64 6.0.6002 Service Pack 2
    14:07:03.897 Number of processors: 2 586 0xF0D
    14:07:03.897 ComputerName: OWNER-PC UserName: Owner
    14:07:05.036 Initialize success
    14:07:19.778 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:07:19.778 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
    14:07:19.778 Disk 0 MBR read error 0
    14:07:19.778 Disk 0 MBR scan
    14:07:19.794 Disk 0 unknown MBR code
    14:07:19.794 MBR BIOS signature not found 0
    14:07:19.794 Service scanning
    14:07:20.979 Disk 0 trace - called modules:
    14:07:20.995 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sprl.sys hal.dll
    14:07:20.995 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ee9260]
    14:07:20.995 3 CLASSPNP.SYS[fffffa60011d5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c8f050]
    14:07:20.995 Scan finished successfully
    14:07:48.352 Disk 0 MBR has been saved successfully to "F:\Ken\Virus\Francescas_Logs\MBR.dat"
    14:07:48.367 The log file has been saved successfully to "F:\Ken\Virus\Francescas_Logs\aswMBR.txt"




    ComboFix:


    ComboFix 11-06-17.04 - Owner 06/18/2011 14:12:22.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3960.2187 [GMT -4:00]
    Running from: F:\ComboFix.exe
    AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\vlc-1.1.4-win32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-18 18:11 . 2011-06-18 18:11 -------- d-----w- C:\32788R22FWJFW
    2011-06-18 00:19 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC2CE6BA-D3AA-4659-9A4F-DD2B560163A3}\mpengine.dll
    2011-06-17 02:20 . 2011-06-17 02:20 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2011-06-17 02:20 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-17 02:20 . 2011-06-17 02:20 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-17 02:20 . 2011-06-17 02:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-06-17 02:20 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-17 00:49 . 2011-06-18 14:12 -------- d-----w- c:\programdata\Alwil Software
    2011-06-17 00:49 . 2011-06-17 00:49 -------- d-----w- c:\program files\Alwil Software
    2011-06-16 02:10 . 2011-06-16 02:10 0 ---ha-w- c:\users\Owner\AppData\Local\BIT79D1.tmp
    2011-06-16 01:12 . 2011-06-16 01:12 0 ---ha-w- c:\users\Owner\AppData\Local\BIT6892.tmp
    2011-05-29 16:15 . 2011-05-29 16:15 0 ---ha-w- c:\users\Owner\AppData\Local\BITFA17.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-11 17:00 . 2011-05-16 03:46 525856 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
    2011-04-26 02:39 81920 ----a-w- c:\program files (x86)\oovootoolbar\oovootoolbarX.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2011-04-26 81920]
    .
    [HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "SmileboxTray"="c:\users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe" [2011-06-02 313160]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-30 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2008-07-17 200704]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 131632]
    R3 NETwNv64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]
    R4 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\Symantec\DEFINI~1\SymcData\ipsdefs\20090709.001\IDSvia64.sys [2009-04-28 370224]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 27648]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [x]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 03:30]
    .
    2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 03:30]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF854.cfxxe" [X]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-10 1560360]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 151064]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 209432]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 182808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.livingston.org/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.oovoostart.com/s/?src=FF-Address&site=Bing&cfg=2-201-0-0&engine_id=1&provider_id=1&product_id=201&country=US&q=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-eRecoveryService - (no file)
    Wow6432Node-HKLM-Run-hpqSRMon - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @SACL=
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @SACL=
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-18 14:35:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-18 18:35
    .
    Pre-Run: 74,050,727,936 bytes free
    Post-Run: 76,057,313,280 bytes free
    .
    - - End Of File - - 2B605629C07F319943672C0F3E448094



    rkill:


    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Owner on 06/18/2011 at 14:47:58.


    Services Stopped:


    Processes terminated by Rkill or while it was running:




    Rkill completed on 06/18/2011 at 14:48:08.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    My instructions clearly ask for Combofix to placed on your Desktop.
    Please, move the file to correct location.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Owner\AppData\Local\BIT79D1.tmp
    c:\users\Owner\AppData\Local\BIT6892.tmp
    c:\users\Owner\AppData\Local\BITFA17.tmp
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    =====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Broni,

    I apologize, didn't realize I had to have it on the desktop. Here are is the ComboFix log. The TDS SKiller will be in the next post:

    ComboFix
    ComboFix 11-06-17.04 - Owner 06/18/2011 17:49:23.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3960.2571 [GMT -4:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Owner\AppData\Local\BIT6892.tmp"
    "c:\users\Owner\AppData\Local\BIT79D1.tmp"
    "c:\users\Owner\AppData\Local\BITFA17.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Owner\AppData\Local\BIT6892.tmp
    c:\users\Owner\AppData\Local\BIT79D1.tmp
    c:\users\Owner\AppData\Local\BITFA17.tmp
    .
    c:\windows\SysWow64\userinit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
    .
    Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-18 22:06 . 2011-06-18 22:08 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2011-06-18 22:06 . 2011-06-18 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-18 00:19 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC2CE6BA-D3AA-4659-9A4F-DD2B560163A3}\mpengine.dll
    2011-06-17 02:20 . 2011-06-17 02:20 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2011-06-17 02:20 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-17 02:20 . 2011-06-17 02:20 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-17 02:20 . 2011-06-17 02:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-06-17 02:20 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-17 00:49 . 2011-06-18 14:12 -------- d-----w- c:\programdata\Alwil Software
    2011-06-17 00:49 . 2011-06-17 00:49 -------- d-----w- c:\program files\Alwil Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-11 17:00 . 2011-05-16 03:46 525856 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-18_18.26.11 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-11-30 00:16 . 2011-06-18 14:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-30 00:16 . 2011-06-18 22:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-30 00:16 . 2011-06-18 14:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-30 00:16 . 2011-06-18 22:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-06-18 18:25 . 2011-06-18 18:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-06-18 22:07 . 2011-06-18 22:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-06-18 18:25 . 2011-06-18 18:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-06-18 22:07 . 2011-06-18 22:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2006-11-02 12:46 . 2011-06-18 18:08 644102 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-06-18 18:33 644102 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-06-18 18:33 117976 c:\windows\system32\perfc009.dat
    - 2006-11-02 12:46 . 2011-06-18 18:08 117976 c:\windows\system32\perfc009.dat
    - 2011-02-14 03:14 . 2011-06-18 18:24 285896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-02-14 03:14 . 2011-06-18 22:06 285896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
    2011-04-26 02:39 81920 ----a-w- c:\program files (x86)\oovootoolbar\oovootoolbarX.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2011-04-26 81920]
    .
    [HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "SmileboxTray"="c:\users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe" [2011-06-02 313160]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-30 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2008-07-17 200704]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 131632]
    R3 NETwNv64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]
    R4 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\Symantec\DEFINI~1\SymcData\ipsdefs\20090709.001\IDSvia64.sys [2009-04-28 370224]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 27648]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [x]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 03:30]
    .
    2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 03:30]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-10 1560360]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 151064]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 209432]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 182808]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.livingston.org/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.oovoostart.com/s/?src=FF-Address&site=Bing&cfg=2-201-0-0&engine_id=1&provider_id=1&product_id=201&country=US&q=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @SACL=
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @SACL=
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-06-18 18:17:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-18 22:17
    ComboFix2.txt 2011-06-18 18:35
    .
    Pre-Run: 76,094,566,400 bytes free
    Post-Run: 75,867,205,632 bytes free
    .
    - - End Of File - - 4AF5824CE7654E86389ABFD275C350A4
     
  9. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    TDS SKiller
    2011/06/18 18:24:36.0752 3716 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
    2011/06/18 18:24:36.0861 3716 ================================================================================
    2011/06/18 18:24:36.0861 3716 SystemInfo:
    2011/06/18 18:24:36.0861 3716
    2011/06/18 18:24:36.0861 3716 OS Version: 6.0.6002 ServicePack: 2.0
    2011/06/18 18:24:36.0861 3716 Product type: Workstation
    2011/06/18 18:24:36.0861 3716 ComputerName: OWNER-PC
    2011/06/18 18:24:36.0861 3716 UserName: Owner
    2011/06/18 18:24:36.0861 3716 Windows directory: C:\Windows
    2011/06/18 18:24:36.0861 3716 System windows directory: C:\Windows
    2011/06/18 18:24:36.0861 3716 Running under WOW64
    2011/06/18 18:24:36.0861 3716 Processor architecture: Intel x64
    2011/06/18 18:24:36.0861 3716 Number of processors: 2
    2011/06/18 18:24:36.0861 3716 Page size: 0x1000
    2011/06/18 18:24:36.0861 3716 Boot type: Normal boot
    2011/06/18 18:24:36.0861 3716 ================================================================================
    2011/06/18 18:24:37.0376 3716 Initialize success
    2011/06/18 18:24:45.0550 1020 ================================================================================
    2011/06/18 18:24:45.0550 1020 Scan started
    2011/06/18 18:24:45.0550 1020 Mode: Manual;
    2011/06/18 18:24:45.0566 1020 ================================================================================
    2011/06/18 18:24:46.0096 1020 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
    2011/06/18 18:24:46.0268 1020 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
    2011/06/18 18:24:46.0361 1020 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
    2011/06/18 18:24:46.0471 1020 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
    2011/06/18 18:24:46.0517 1020 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
    2011/06/18 18:24:46.0673 1020 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
    2011/06/18 18:24:46.0798 1020 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
    2011/06/18 18:24:46.0845 1020 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
    2011/06/18 18:24:47.0001 1020 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
    2011/06/18 18:24:47.0032 1020 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
    2011/06/18 18:24:47.0110 1020 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
    2011/06/18 18:24:47.0266 1020 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
    2011/06/18 18:24:47.0344 1020 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
    2011/06/18 18:24:47.0453 1020 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/06/18 18:24:47.0500 1020 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
    2011/06/18 18:24:47.0765 1020 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
    2011/06/18 18:24:47.0859 1020 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
    2011/06/18 18:24:47.0953 1020 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
    2011/06/18 18:24:48.0062 1020 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
    2011/06/18 18:24:48.0140 1020 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
    2011/06/18 18:24:48.0233 1020 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
    2011/06/18 18:24:48.0296 1020 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
    2011/06/18 18:24:48.0343 1020 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
    2011/06/18 18:24:48.0421 1020 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/06/18 18:24:48.0514 1020 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
    2011/06/18 18:24:48.0623 1020 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/06/18 18:24:48.0857 1020 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\Windows\system32\Drivers\BTHport.sys
    2011/06/18 18:24:48.0998 1020 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/06/18 18:24:49.0372 1020 CAXHWAZL (c25362669072f6aa8d4c3415d8b30b7a) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
    2011/06/18 18:24:49.0497 1020 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/06/18 18:24:49.0559 1020 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/06/18 18:24:49.0684 1020 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
    2011/06/18 18:24:49.0762 1020 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
    2011/06/18 18:24:49.0934 1020 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/06/18 18:24:49.0996 1020 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
    2011/06/18 18:24:50.0059 1020 CnxtHdAudService (48958718dd046e2ededd0d5addbfb5d9) C:\Windows\system32\drivers\CHDRT64.sys
    2011/06/18 18:24:50.0183 1020 COH_Mon (4ac0614de43f8787ec1556560c752af8) C:\Windows\system32\Drivers\COH_Mon.sys
    2011/06/18 18:24:50.0246 1020 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/06/18 18:24:50.0449 1020 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
    2011/06/18 18:24:50.0636 1020 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
    2011/06/18 18:24:50.0761 1020 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
    2011/06/18 18:24:50.0854 1020 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
    2011/06/18 18:24:50.0979 1020 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/06/18 18:24:51.0104 1020 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
    2011/06/18 18:24:51.0197 1020 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
    2011/06/18 18:24:51.0291 1020 eeCtrl (a7fbc38c1f6f3df3f1e21b8933e76e7c) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    2011/06/18 18:24:51.0463 1020 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
    2011/06/18 18:24:51.0572 1020 EraserUtilRebootDrv (541357e1a4d632c5c0440ccfb95606e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/06/18 18:24:51.0712 1020 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
    2011/06/18 18:24:51.0868 1020 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
    2011/06/18 18:24:51.0977 1020 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
    2011/06/18 18:24:52.0071 1020 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
    2011/06/18 18:24:52.0196 1020 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
    2011/06/18 18:24:52.0258 1020 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
    2011/06/18 18:24:52.0383 1020 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/06/18 18:24:52.0461 1020 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
    2011/06/18 18:24:52.0633 1020 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/06/18 18:24:52.0679 1020 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
    2011/06/18 18:24:52.0789 1020 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2011/06/18 18:24:52.0929 1020 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
    2011/06/18 18:24:53.0069 1020 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/06/18 18:24:53.0194 1020 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
    2011/06/18 18:24:53.0241 1020 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
    2011/06/18 18:24:53.0303 1020 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/06/18 18:24:53.0459 1020 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
    2011/06/18 18:24:53.0662 1020 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    2011/06/18 18:24:53.0834 1020 HSF_DPV (c8ecf7d2fd3f20078dfb3bd5f1e51f23) C:\Windows\system32\DRIVERS\CAX_DPV.sys
    2011/06/18 18:24:54.0005 1020 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
    2011/06/18 18:24:54.0130 1020 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
    2011/06/18 18:24:54.0193 1020 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/06/18 18:24:54.0349 1020 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/06/18 18:24:54.0427 1020 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
    2011/06/18 18:24:54.0551 1020 IDSvia64 (18fb7dab578dbbb412d7d371688b0b36) C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20090709.001\IDSvia64.sys
    2011/06/18 18:24:54.0910 1020 igfx (8254f64c0b738c167b7f487ed7c28db5) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/06/18 18:24:55.0175 1020 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
    2011/06/18 18:24:55.0269 1020 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
    2011/06/18 18:24:55.0409 1020 IntcHdmiAddService (bd37227c07179b1040a8896b9c0c146b) C:\Windows\system32\drivers\IntcHdmi.sys
    2011/06/18 18:24:55.0472 1020 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
    2011/06/18 18:24:55.0628 1020 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/06/18 18:24:55.0753 1020 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/06/18 18:24:55.0924 1020 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
    2011/06/18 18:24:55.0971 1020 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/06/18 18:24:56.0080 1020 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
    2011/06/18 18:24:56.0143 1020 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
    2011/06/18 18:24:56.0252 1020 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/06/18 18:24:56.0314 1020 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
    2011/06/18 18:24:56.0423 1020 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
    2011/06/18 18:24:56.0470 1020 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/06/18 18:24:56.0517 1020 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/06/18 18:24:56.0626 1020 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
    2011/06/18 18:24:56.0751 1020 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
    2011/06/18 18:24:56.0876 1020 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/06/18 18:24:56.0969 1020 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
    2011/06/18 18:24:57.0094 1020 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
    2011/06/18 18:24:57.0157 1020 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/06/18 18:24:57.0281 1020 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
    2011/06/18 18:24:57.0344 1020 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/06/18 18:24:57.0469 1020 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
    2011/06/18 18:24:57.0531 1020 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
    2011/06/18 18:24:57.0671 1020 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
    2011/06/18 18:24:57.0718 1020 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
    2011/06/18 18:24:57.0827 1020 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/06/18 18:24:57.0874 1020 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/06/18 18:24:57.0983 1020 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
    2011/06/18 18:24:58.0046 1020 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
    2011/06/18 18:24:58.0171 1020 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
    2011/06/18 18:24:58.0217 1020 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
    2011/06/18 18:24:58.0280 1020 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
    2011/06/18 18:24:58.0389 1020 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/06/18 18:24:58.0436 1020 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/06/18 18:24:58.0483 1020 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/06/18 18:24:58.0607 1020 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
    2011/06/18 18:24:58.0685 1020 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
    2011/06/18 18:24:58.0748 1020 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
    2011/06/18 18:24:58.0857 1020 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
    2011/06/18 18:24:58.0951 1020 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/06/18 18:24:59.0060 1020 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/06/18 18:24:59.0107 1020 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
    2011/06/18 18:24:59.0169 1020 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
    2011/06/18 18:24:59.0294 1020 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/06/18 18:24:59.0341 1020 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
    2011/06/18 18:24:59.0465 1020 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
    2011/06/18 18:24:59.0543 1020 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/06/18 18:24:59.0762 1020 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
    2011/06/18 18:24:59.0871 1020 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/06/18 18:24:59.0933 1020 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/06/18 18:24:59.0980 1020 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/06/18 18:25:00.0105 1020 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
    2011/06/18 18:25:00.0167 1020 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
    2011/06/18 18:25:00.0214 1020 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
    2011/06/18 18:25:00.0511 1020 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
    2011/06/18 18:25:01.0010 1020 NETwNv64 (8ea525c4ad4634ae5f6a23de586fa429) C:\Windows\system32\DRIVERS\NETwNv64.sys
    2011/06/18 18:25:01.0337 1020 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
    2011/06/18 18:25:01.0431 1020 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
    2011/06/18 18:25:01.0571 1020 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
    2011/06/18 18:25:01.0712 1020 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
    2011/06/18 18:25:01.0868 1020 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    2011/06/18 18:25:01.0930 1020 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
    2011/06/18 18:25:01.0993 1020 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
    2011/06/18 18:25:02.0133 1020 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
    2011/06/18 18:25:02.0320 1020 O2MDRDR (2481724eace9fc86e454402a280b56c6) C:\Windows\system32\DRIVERS\o2mdx64.sys
    2011/06/18 18:25:02.0461 1020 O2SDRDR (c88959545b5f598791d30314c7db5718) C:\Windows\system32\DRIVERS\o2sdx64.sys
    2011/06/18 18:25:02.0554 1020 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
    2011/06/18 18:25:02.0710 1020 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    2011/06/18 18:25:02.0788 1020 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
    2011/06/18 18:25:02.0897 1020 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
    2011/06/18 18:25:02.0960 1020 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
    2011/06/18 18:25:03.0069 1020 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    2011/06/18 18:25:03.0163 1020 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    2011/06/18 18:25:03.0459 1020 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
    2011/06/18 18:25:03.0631 1020 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/06/18 18:25:03.0693 1020 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    2011/06/18 18:25:03.0771 1020 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
    2011/06/18 18:25:03.0880 1020 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
    2011/06/18 18:25:03.0943 1020 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/06/18 18:25:04.0083 1020 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    2011/06/18 18:25:04.0239 1020 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    2011/06/18 18:25:04.0364 1020 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
    2011/06/18 18:25:04.0411 1020 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/06/18 18:25:04.0535 1020 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/06/18 18:25:04.0598 1020 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/06/18 18:25:04.0660 1020 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/06/18 18:25:04.0785 1020 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/06/18 18:25:04.0894 1020 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/06/18 18:25:04.0957 1020 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
    2011/06/18 18:25:05.0081 1020 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
    2011/06/18 18:25:05.0144 1020 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
    2011/06/18 18:25:05.0315 1020 RFCOMM (f228ce2f778503cecb2b27097b5b3139) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/06/18 18:25:05.0440 1020 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/06/18 18:25:05.0549 1020 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    2011/06/18 18:25:05.0737 1020 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/06/18 18:25:05.0799 1020 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/06/18 18:25:05.0877 1020 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
    2011/06/18 18:25:05.0924 1020 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
    2011/06/18 18:25:06.0017 1020 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    2011/06/18 18:25:06.0127 1020 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
    2011/06/18 18:25:06.0158 1020 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/06/18 18:25:06.0205 1020 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
    2011/06/18 18:25:06.0298 1020 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
    2011/06/18 18:25:06.0376 1020 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    2011/06/18 18:25:06.0439 1020 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    2011/06/18 18:25:06.0517 1020 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
    2011/06/18 18:25:06.0673 1020 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
    2011/06/18 18:25:06.0782 1020 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    2011/06/18 18:25:06.0782 1020 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    2011/06/18 18:25:06.0797 1020 sptd - detected LockedFile.Multi.Generic (1)
    2011/06/18 18:25:06.0907 1020 SRTSP (7e4cc24a23262a84ae99dbffef69a6b0) C:\Windows\system32\Drivers\SRTSP64.SYS
    2011/06/18 18:25:06.0969 1020 SRTSPL (8b1dedeba049a3e1daf8219eec87eb00) C:\Windows\system32\Drivers\SRTSPL64.SYS
    2011/06/18 18:25:07.0078 1020 SRTSPX (3db35652e4460da6730bb44908fa39cb) C:\Windows\system32\Drivers\SRTSPX64.SYS
    2011/06/18 18:25:07.0156 1020 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
    2011/06/18 18:25:07.0281 1020 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
    2011/06/18 18:25:07.0328 1020 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/06/18 18:25:07.0468 1020 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
    2011/06/18 18:25:07.0531 1020 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    2011/06/18 18:25:07.0609 1020 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    2011/06/18 18:25:07.0733 1020 SYMDNS (002e73df2a07785e93943eefc16edb57) C:\Windows\System32\Drivers\SYMDNS.SYS
    2011/06/18 18:25:07.0796 1020 SymEvent (209d2e4c78026eba547121e73dd82ebe) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2011/06/18 18:25:07.0936 1020 SYMFW (c785ca33d3dbcdf604e58c3a2eb1818a) C:\Windows\System32\Drivers\SYMFW.SYS
    2011/06/18 18:25:07.0999 1020 SymIM (f78828b90bd5bb5bcd8500f9b08ba76f) C:\Windows\system32\DRIVERS\SymIMv.sys
    2011/06/18 18:25:08.0108 1020 SYMNDISV (8357806b06b514f6edf9d10cfdce2853) C:\Windows\System32\Drivers\SYMNDISV.SYS
    2011/06/18 18:25:08.0155 1020 SYMREDRV (e05fbad45a96fb25f58bb0a9538a337e) C:\Windows\System32\Drivers\SYMREDRV.SYS
    2011/06/18 18:25:08.0201 1020 SYMTDI (a30def26951b77788a71b1033d275e65) C:\Windows\System32\Drivers\SYMTDI.SYS
    2011/06/18 18:25:08.0326 1020 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    2011/06/18 18:25:08.0373 1020 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    2011/06/18 18:25:08.0435 1020 SynTP (437a9d8b5ae2067d44eb60c953edc8a4) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/06/18 18:25:08.0623 1020 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
    2011/06/18 18:25:08.0810 1020 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/06/18 18:25:08.0950 1020 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
    2011/06/18 18:25:08.0997 1020 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    2011/06/18 18:25:09.0059 1020 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    2011/06/18 18:25:09.0153 1020 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
    2011/06/18 18:25:09.0215 1020 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
    2011/06/18 18:25:09.0340 1020 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/06/18 18:25:09.0449 1020 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/06/18 18:25:09.0496 1020 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/06/18 18:25:09.0605 1020 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    2011/06/18 18:25:09.0683 1020 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
    2011/06/18 18:25:09.0839 1020 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    2011/06/18 18:25:09.0902 1020 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    2011/06/18 18:25:10.0027 1020 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    2011/06/18 18:25:10.0073 1020 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    2011/06/18 18:25:10.0136 1020 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    2011/06/18 18:25:10.0276 1020 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/06/18 18:25:10.0354 1020 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/06/18 18:25:10.0401 1020 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    2011/06/18 18:25:10.0526 1020 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/06/18 18:25:10.0573 1020 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/06/18 18:25:10.0697 1020 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    2011/06/18 18:25:10.0760 1020 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/06/18 18:25:10.0807 1020 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/06/18 18:25:10.0916 1020 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/06/18 18:25:10.0963 1020 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/06/18 18:25:11.0009 1020 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
    2011/06/18 18:25:11.0134 1020 UVCFTR (56ed086f1300ecb1e6f67ac43955e5e9) C:\Windows\system32\Drivers\UVCFTR_S.SYS
    2011/06/18 18:25:11.0228 1020 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/06/18 18:25:11.0259 1020 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    2011/06/18 18:25:11.0306 1020 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    2011/06/18 18:25:11.0431 1020 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
    2011/06/18 18:25:11.0509 1020 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
    2011/06/18 18:25:11.0633 1020 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
    2011/06/18 18:25:11.0743 1020 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    2011/06/18 18:25:11.0836 1020 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    2011/06/18 18:25:11.0883 1020 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/18 18:25:11.0914 1020 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/18 18:25:12.0039 1020 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    2011/06/18 18:25:12.0117 1020 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
    2011/06/18 18:25:12.0367 1020 winachsf (40efee2fd560eb0438f3aebd5bf751b4) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
    2011/06/18 18:25:12.0569 1020 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/06/18 18:25:12.0710 1020 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/06/18 18:25:12.0835 1020 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/06/18 18:25:12.0944 1020 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/06/18 18:25:13.0069 1020 XAudio (c22b223cc6d58e921d78e173172f66f5) C:\Windows\system32\DRIVERS\xaudio64.sys
    2011/06/18 18:25:13.0162 1020 yukonx64 (29184ba4b42847a76bfab387a2e52fe3) C:\Windows\system32\DRIVERS\yk60x64.sys
    2011/06/18 18:25:13.0225 1020 MBR (0x1B8) (2d38f4a50470b53943a7dbd02e402e47) \Device\Harddisk0\DR0
    2011/06/18 18:25:13.0443 1020 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
    2011/06/18 18:25:13.0459 1020 ================================================================================
    2011/06/18 18:25:13.0459 1020 Scan finished
    2011/06/18 18:25:13.0459 1020 ================================================================================
    2011/06/18 18:25:13.0490 3688 Detected object count: 1
    2011/06/18 18:25:13.0490 3688 Actual detected object count: 1
    2011/06/18 18:25:17.0561 3688 LockedFile.Multi.Generic(sptd) - User select action: Skip
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    How is internet connection?
     
  11. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    It still isn't working. I tried rebooting, but it still doesn't work.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List last 10 Event Viewer log
    Click Go and post the result.
     
  13. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Still no internet connection


    MiniToolBox

    MiniToolBox by Farbar
    Ran by Owner (administrator) on 18-06-2011 at 21:58:19
    Windows (TM) Vista Home Premium Service Pack 2 (X64)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================
    =============== Hosts content: ============================================

    127.0.0.1 localhost

    =============== End of Hosts ==============================================

    ================= IP Configuration: =======================================

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Owner-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
    Physical Address. . . . . . . . . : 00-E0-B8-FD-93-D9
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
    Physical Address. . . . . . . . . : 00-21-5D-40-C4-1C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::a0f3:9220:6649:70f4%10(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Saturday, June 18, 2011 9:57:11 PM
    Lease Expires . . . . . . . . . . : Sunday, June 19, 2011 9:57:11 PM
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 268441322
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-78-DD-EC-00-E0-B8-FD-93-D9
    DNS Servers . . . . . . . . . . . : 167.206.245.130
    167.206.245.129
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 6:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : 6TO4 Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 7:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{9AC1704F-5238-42FA-AC76-6A1EF6B6BD72}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 14:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{7C7D86A6-5962-483F-89BB-ED5F19941C31}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: vdns2.srv.prnynj.cv.net
    Address: 167.206.245.130

    Name: google.com
    Addresses: 74.125.91.105
    74.125.91.147
    74.125.91.99
    74.125.91.103
    74.125.91.104
    74.125.91.106



    Pinging google.com [74.125.91.103] with 32 bytes of data:

    Reply from 74.125.91.103: bytes=32 time=28ms TTL=52

    Reply from 74.125.91.103: bytes=32 time=26ms TTL=52



    Ping statistics for 74.125.91.103:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 28ms, Average = 27ms

    Server: vdns2.srv.prnynj.cv.net
    Address: 167.206.245.130

    Name: yahoo.com
    Addresses: 72.30.2.43
    98.137.149.56
    209.191.122.70
    67.195.160.76
    69.147.125.65



    Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

    Reply from 67.195.160.76: bytes=32 time=33ms TTL=54

    Reply from 67.195.160.76: bytes=32 time=26ms TTL=54



    Ping statistics for 67.195.160.76:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 33ms, Average = 29ms



    Pinging 127.0.0.1 with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    11 ...00 e0 b8 fd 93 d9 ...... Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
    10 ...00 21 5d 40 c4 1c ...... Intel(R) WiFi Link 5100 AGN
    1 ........................... Software Loopback Interface 1
    12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
    15 ...00 00 00 00 00 00 00 e0 isatap.{9AC1704F-5238-42FA-AC76-6A1EF6B6BD72}
    13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
    14 ...00 00 00 00 00 00 00 e0 isatap.{7C7D86A6-5962-483F-89BB-ED5F19941C31}
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.103 281
    192.168.1.103 255.255.255.255 On-link 192.168.1.103 281
    192.168.1.255 255.255.255.255 On-link 192.168.1.103 281
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.103 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.103 281
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    10 281 fe80::/64 On-link
    10 281 fe80::a0f3:9220:6649:70f4/128
    On-link
    1 306 ff00::/8 On-link
    10 281 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None

    ================= End of IP Configuration =================================

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (06/18/2011 09:55:43 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 09:42:51 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 06:08:01 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 02:26:09 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 10:42:38 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 10:37:50 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 10:37:29 AM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (06/18/2011 10:34:17 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2011 10:03:07 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/17/2011 08:09:12 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (06/18/2011 09:55:44 PM) (Source: Service Control Manager) (User: )
    Description: Beep

    Error: (06/18/2011 09:42:51 PM) (Source: Service Control Manager) (User: )
    Description: Beep

    Error: (06/18/2011 06:08:01 PM) (Source: Service Control Manager) (User: )
    Description: Beep

    Error: (06/18/2011 06:06:25 PM) (Source: Service Control Manager) (User: )
    Description: PEVSystemStart

    Error: (06/18/2011 06:05:46 PM) (Source: Application Popup) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/18/2011 06:04:53 PM) (Source: Application Popup) (User: )
    Description: \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/18/2011 05:55:24 PM) (Source: Service Control Manager) (User: )
    Description: PEVSystemStart

    Error: (06/18/2011 05:47:18 PM) (Source: Service Control Manager) (User: )
    Description: HP CUE DeviceDiscovery Service1

    Error: (06/18/2011 05:47:18 PM) (Source: Service Control Manager) (User: )
    Description: hpqcxs081

    Error: (06/18/2011 02:26:09 PM) (Source: Service Control Manager) (User: )
    Description: Beep


    Microsoft Office Sessions:
    =========================

    ========================= End of Event log errors =========================
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Again, your connection is fine ("ping" works").
    Something is still blocking your browsers.

    Restart in Safe Mode with Networking and see, if you can your browsers there.
     
  15. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Unfortuantely, the internet still does not work.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Booklit Remover


    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`80100000
    Boot sector MD5 is: c3f4814ee2c87f8f4fc3acd72454a04d

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...


    OTL


    OTL logfile created on: 6/18/2011 11:08:30 PM - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Owner\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.53% Memory free
    7.91 Gb Paging File | 6.37 Gb Available in Paging File | 80.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 144.04 Gb Total Space | 70.62 Gb Free Space | 49.03% Space Free | Partition Type: NTFS
    Drive D: | 144.04 Gb Total Space | 143.73 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
    Drive F: | 1.87 Gb Total Space | 1.80 Gb Free Space | 96.64% Space Free | Partition Type: FAT

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/18 23:03:18 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2011/06/01 23:28:22 | 000,313,160 | ---- | M] (Smilebox, Inc.) -- C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe
    PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
    PRC - [2008/07/20 20:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/18 23:03:18 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/10/17 11:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
    SRV - [2008/11/04 03:41:00 | 000,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
    SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2008/09/05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2008/09/03 13:53:37 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/02/20 19:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/08/21 06:22:00 | 000,267,096 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/02/12 04:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/10/26 00:28:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/10/18 05:15:18 | 007,959,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64) ___ Intel(R)
    DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/19 22:01:00 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/07 15:33:08 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
    DRV:64bit: - [2009/04/07 15:33:06 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
    DRV:64bit: - [2009/02/19 13:31:42 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
    DRV:64bit: - [2009/02/19 13:31:18 | 000,047,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
    DRV:64bit: - [2009/02/19 13:31:00 | 000,266,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV:64bit: - [2009/02/19 13:30:58 | 000,145,456 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
    DRV:64bit: - [2009/02/19 13:30:58 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV:64bit: - [2009/02/19 13:30:58 | 000,016,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV:64bit: - [2008/11/17 16:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008/11/04 03:40:46 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2008/10/15 08:57:50 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008/10/15 08:53:44 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2008/10/15 08:52:24 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2008/07/30 17:55:06 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
    DRV:64bit: - [2008/07/28 23:44:20 | 000,314,880 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/07/15 04:39:24 | 000,062,296 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
    DRV:64bit: - [2008/07/10 22:29:08 | 007,912,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2008/07/10 05:52:38 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2008/06/29 17:52:44 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2008/06/26 19:24:20 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2008/06/11 21:29:30 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
    DRV:64bit: - [2008/04/29 04:00:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2008/01/30 22:51:00 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
    DRV:64bit: - [2008/01/30 22:51:00 | 000,440,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
    DRV:64bit: - [2008/01/30 22:51:00 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
    DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
    DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
    DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2007/07/26 06:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2009/04/27 22:14:10 | 000,370,224 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090709.001\IDSviA64.sys -- (IDSvia64)
    DRV - [2009/04/15 13:09:38 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2009/04/15 13:09:38 | 000,131,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=mc7801u


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.livingston.org/
    IE - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.livingston.org/livingstonps/site/default.asp
    IE - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..extensions.enabledItems: {59c6f12b-f004-43e5-9997-08f2123119b6}:2.5.0.3
    FF - prefs.js..keyword.URL: "http://www.oovoostart.com/s/?src=FF-Address&site=Bing&cfg=2-201-0-0&engine_id=1&provider_id=1&product_id=201&country=US&q="
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/29 00:41:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/29 00:42:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/11 13:01:01 | 000,000,000 | ---D | M]

    [2010/07/31 00:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2011/05/13 21:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions
    [2010/08/09 00:06:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/25 22:39:52 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
    [2011/04/04 23:00:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/04/25 22:40:05 | 000,002,014 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c8nzy25t.default\searchplugins\bing-zugo.xml
    [2011/05/13 21:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/10/24 19:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/06/11 13:01:01 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    [2011/06/11 13:01:01 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
    [2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/10/24 19:42:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2011/06/18 18:07:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [ccApp] c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
    O4 - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000..\Run: [SmileboxTray] C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
    O4 - HKLM..\RunOnce: [New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1361230698-3698658676-2926581387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab (SysInfo Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/18 23:04:29 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Owner\Desktop\remover.exe
    [2011/06/18 23:03:14 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/06/18 18:23:54 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
    [2011/06/18 18:17:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2011/06/18 18:07:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/06/18 14:11:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/18 14:11:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/18 14:11:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/18 14:11:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/18 14:11:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/18 14:05:28 | 004,130,419 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/06/16 22:20:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2011/06/16 22:20:33 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/06/16 22:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/16 22:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/06/16 22:20:28 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/06/16 22:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/06/16 20:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2011/06/16 20:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011/06/10 22:36:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Recorded Lesson
    [2011/05/29 15:40:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\backup-photos
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/18 23:08:15 | 000,757,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/06/18 23:08:15 | 000,644,102 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/06/18 23:08:15 | 000,117,976 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/06/18 23:03:18 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/06/18 23:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/18 23:01:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/18 23:01:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/18 23:00:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/18 22:51:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/06/18 22:42:21 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/18 18:09:20 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
    [2011/06/18 18:07:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/06/18 17:44:30 | 001,309,375 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2011/06/18 14:05:38 | 004,130,419 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/06/18 10:19:16 | 000,369,085 | ---- | M] () -- C:\Users\Owner\Desktop\MiniToolBox.exe
    [2011/06/16 20:50:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/06/16 19:17:30 | 000,305,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
    [2011/06/15 21:20:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
    [2011/06/12 20:01:54 | 000,002,651 | ---- | M] () -- C:\Users\Owner\Desktop\Word.lnk
    [2011/05/30 11:21:14 | 000,026,624 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/18 17:44:22 | 001,309,375 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2011/06/18 14:11:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/18 14:11:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/18 14:11:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/18 14:11:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/18 14:11:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/18 10:19:14 | 000,369,085 | ---- | C] () -- C:\Users\Owner\Desktop\MiniToolBox.exe
    [2011/06/16 20:50:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2010/11/29 00:29:04 | 000,206,165 | ---- | C] () -- C:\Windows\hpoins46.dat
    [2010/10/12 00:21:08 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2010/10/12 00:18:57 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
    [2010/10/11 23:19:22 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/07/31 00:21:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/07/29 12:18:08 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2010/05/13 22:36:23 | 000,026,624 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/29 17:21:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
    [2009/09/19 11:53:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/09/19 11:52:56 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/09/19 11:52:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/05/12 20:25:35 | 000,166,615 | ---- | C] () -- C:\Windows\hpoins31.dat
    [2008/11/30 11:12:27 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/09/03 12:56:39 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2008/08/21 22:49:18 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2008/08/21 22:49:18 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
    [2008/08/21 22:49:16 | 000,495,376 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2008/06/17 05:23:21 | 000,001,691 | ---- | C] () -- C:\Windows\hpomdl31.dat
    [2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2011/05/15 23:46:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Catalina Marketing Corp
    [2010/10/26 00:33:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
    [2010/10/19 00:17:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
    [2011/04/25 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
    [2011/04/09 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Red Kawa
    [2011/06/12 19:03:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smilebox
    [2009/06/01 22:09:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
    [2011/06/18 22:51:15 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/09/03 13:52:07 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/06/18 18:17:27 | 000,017,078 | ---- | M] () -- C:\ComboFix.txt
    [2008/11/30 10:05:47 | 000,000,000 | ---- | M] () -- C:\detestfrag.txt
    [2010/10/12 01:13:40 | 000,000,000 | ---- | M] () -- C:\foo.txt
    [2008/09/03 13:57:50 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
    [2010/10/12 00:47:13 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
    [2011/06/18 23:00:44 | 171,962,367 | -HS- | M] () -- C:\pagefile.sys
    [2008/10/04 04:27:41 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2011/03/05 23:10:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2011/03/07 22:37:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2011/03/13 22:40:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2011/03/27 23:03:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2011/04/02 21:27:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2011/05/08 21:48:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/07/03 00:17:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/07/15 00:23:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/07/15 00:44:39 | 000,000,172 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/08/09 23:38:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/09/03 00:04:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/09/22 22:26:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/10/08 02:39:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/10/27 11:34:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/11/10 03:13:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/11/26 02:29:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/12/04 14:39:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/12/13 19:48:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2011/02/05 22:03:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2011/03/01 01:50:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2011/03/05 23:10:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2011/03/07 22:37:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2011/03/13 22:40:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2011/03/27 23:03:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2011/04/02 21:27:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2011/05/08 21:48:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/07/03 00:17:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/07/15 00:23:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/07/15 00:44:39 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/08/09 23:38:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/09/03 00:04:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/09/22 22:26:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/10/08 02:39:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/10/27 11:34:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/11/10 03:13:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/11/26 02:29:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/12/04 14:39:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/12/13 19:48:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2011/02/05 22:03:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2011/03/01 01:50:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/06/18 18:26:06 | 000,065,860 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_18.06.2011_18.24.36_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/04/17 12:25:32 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/17 11:54:51 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/18 14:05:38 | 004,130,419 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/06/18 10:19:16 | 000,369,085 | ---- | M] () -- C:\Users\Owner\Desktop\MiniToolBox.exe
    [2011/06/18 23:03:18 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/09/01 15:33:50 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Owner\Desktop\remover.exe
    [2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
    [2010/10/27 01:59:30 | 282,427,301 | ---- | M] (UBCD4Win Team - Benjamin Burrows ) -- C:\Users\Owner\Desktop\UBCD4WinV360.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/06/10 22:51:05 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2011/06/10 22:50:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/04/17 12:41:32 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/04/17 12:41:32 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2011/06/10 22:50:36 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/11/30 09:50:14 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/07/29 12:18:10 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2010/11/29 00:49:01 | 000,001,999 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  18. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Extras


    OTL Extras logfile created on: 6/18/2011 11:08:30 PM - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Owner\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.53% Memory free
    7.91 Gb Paging File | 6.37 Gb Available in Paging File | 80.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 144.04 Gb Total Space | 70.62 Gb Free Space | 49.03% Space Free | Partition Type: NTFS
    Drive D: | 144.04 Gb Total Space | 143.73 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
    Drive F: | 1.87 Gb Total Space | 1.80 Gb Free Space | 96.64% Space Free | Partition Type: FAT

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 15 92 4A DB 4C DE CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05ED9163-0AE2-41AB-8D1B-9938E8C9AC4D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{12951B43-2D7F-49EB-A340-B5CF48F42712}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
    "{19828907-78B8-42A1-931B-89B995D0A6A9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{19CC42FC-02B1-4266-A38A-E24DDAE444B0}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
    "{1D1D6D10-252E-4E8D-B047-36E52757B389}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{27A7E744-8A04-4A56-9726-1E1BCFB100C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6241046C-1665-4897-B3F3-19F6506F1399}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{62C50ECD-3A7B-4593-87C9-C27F6C4737FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7D390F3B-366A-4306-8896-CD287788AC06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8F3C3B57-A8D7-4902-B595-65093EC24B19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{9291E708-8EC1-4BD8-87FB-90C78BC95D4C}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
    "{96C62DB0-FE75-4B6B-9350-88D5905F57ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A2A5ED78-8EAF-491F-91EF-928BD7811476}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B0B3C39F-A657-4826-9BC7-0834A68BF9BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{B290D6D8-A9C5-4E63-900A-DDEC2137BA47}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
    "{B8651DDA-CCD1-45D1-99D3-EDADFD3B4027}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
    "{C61950AB-1EE7-4260-81A2-6A8B945394C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E3A84D55-A7E1-421D-ADF1-DC32F5F9A6CF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06311A07-82FD-4AC5-B765-64D374A94633}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{0C8365EF-C84B-4922-9F16-8603DB98EB3C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{0EC0EBA5-CA6B-4F63-8517-2997FB250C54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{1709ED3E-EA27-4EE3-9364-2B92A85C5E0E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{22A83AA2-AF3B-4638-897F-89B108094401}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{22D79903-EE26-442D-B733-161B23344831}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{2F824CDD-E1C1-444B-B2CB-D32F4377686F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{3B47C625-2105-4DDD-93C0-CB7C11A73DE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{3C59355C-1EC8-4E2E-8F61-718F90A125DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{4E42FFEF-2399-478D-BE7E-C99527C2ABCA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{505415D6-E591-4C49-9D75-E4CD784611AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{55FE43EA-C07B-496A-BEB4-E2BB0D2D2355}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
    "{5BDB2BE2-32E8-4073-A6BC-FF74C004DFFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{63CB4F37-4200-40EA-8F44-E5751E5C43F1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{64CA455B-2624-4BDA-A93E-11755BC69BBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{752D89B1-B1EB-464E-8A2C-B47DACF7F3BD}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
    "{955B42FF-07F9-4147-AF21-62456D1E10E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{9829B089-D28B-4F9D-928B-902C865D988A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{9C214C4A-DF15-4811-9F0F-E5BEA0CF8100}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{A5CE3BE8-9BFE-4891-8603-065D82069364}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{AB7FA10F-1F59-42CA-B514-395DE69A804C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{B21235A2-5851-44FD-89BE-DAC67C800E1A}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
    "{B9456923-F43A-403D-8231-AC85F3441C36}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{C7140A18-D275-4225-B001-558C616012B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{D27591C6-B87F-46EB-A20B-3AAC9AFFBB1B}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
    "{D92B2102-14DF-4BBC-A088-60D6F91B13D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{E2A8F956-6B38-47C5-A250-4C51C747233D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{E4664850-9A5C-43B7-AD9D-89CC42E19334}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E4678B48-9DC8-48A5-B937-867C90A5955E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E5FDCD90-86A9-4150-9D47-44135FC0DCA0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{F48A2CB7-F2DF-40F3-A113-318D1E15A60B}" = dir=in | app=e:\setup\hpznui40.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
    "{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{7BE7B0C4-96BE-4A1F-B868-A48752249E4D}" = SymNet x64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{A6F1A083-4B12-47E8-9954-E4820C9A65C2}" = O2Micro Flash Memory Card Reader Driver (x64)
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
    "{BD927EB7-78D3-4DC4-9325-7CBD89D8F0E5}" = GearDrvs
    "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
    "{C8732DC3-1736-44b2-B741-2D636DE58605}" = HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D75B1A1F-BBEC-4DF2-ACE4-9B166438A621}" = Symantec Real Time Storage Protection Component (x64)
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "HPOCR" = OCR Software by I.R.I.S. 11.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
    "{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
    "{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{32622F02-640A-4335-86FF-557325DC39D4}" = PS_AIO_04_C6300_Software_Min
    "{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
    "{6BBBF237-A114-48E6-BBD0-A52BEF9CCFB2}" = Cisco Network Magic
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software
    "{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
    "{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D4250558-4DE6-4342-8865-D397FD66076B}" = C6300
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AviSynth" = AviSynth 2.5
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photo Creations" = HP Photo Creations
    "ImgBurn" = ImgBurn
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Money2007b" = Microsoft Money Essentials
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "Network MagicUninstall" = Network Magic
    "oovootoolbar" = ooVoo Toolbar
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
    "VLC media player" = VLC media player 0.9.2
    "Wii Video 9" = Wii Video 9 6
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1361230698-3698658676-2926581387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Smilebox" = Smilebox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/11/2010 9:13:34 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 660 Start Time: 01cb39aef0de9858 Termination Time: 0

    Error - 8/11/2010 9:15:51 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 13e0 Start Time: 01cb39bb9612a900 Termination Time: 0

    Error - 8/11/2010 9:20:23 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/12/2010 5:59:49 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/12/2010 8:03:19 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/12/2010 9:24:27 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 8/12/2010 9:24:27 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 8/12/2010 9:24:37 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 8/12/2010 9:24:37 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 8/13/2010 10:04:43 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 6/18/2011 10:53:03 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 6/18/2011 10:58:32 PM | Computer Name = Owner-PC | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 6/18/2011 10:59:16 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 6/18/2011 10:59:25 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 6/18/2011 10:59:28 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 6/18/2011 10:59:30 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 6/18/2011 10:59:31 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 6/18/2011 10:59:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 6/18/2011 10:59:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 6/18/2011 11:01:25 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk. You may need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)

    Vista users. At first screen click on Repair your computer:
    [​IMG]

    Windows 7 users. At first screen click on Install now:
    [​IMG]
    Select your language and click next:
    [​IMG]
    Click the button for "Use recovery tools":
    [​IMG]

    The following applies to both, Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    [​IMG]
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    [​IMG]
    Select Command Prompt

    Type in:
    bootrec /fixmbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh aswMBR log.
     
  20. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Unable to use the internet. Here is the aswMBR log after the steps you had listed in your last post:

    aswMBR


    aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-18 14:07:03
    -----------------------------
    14:07:03.897 OS Version: Windows x64 6.0.6002 Service Pack 2
    14:07:03.897 Number of processors: 2 586 0xF0D
    14:07:03.897 ComputerName: OWNER-PC UserName: Owner
    14:07:05.036 Initialize success
    14:07:19.778 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:07:19.778 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
    14:07:19.778 Disk 0 MBR read error 0
    14:07:19.778 Disk 0 MBR scan
    14:07:19.794 Disk 0 unknown MBR code
    14:07:19.794 MBR BIOS signature not found 0
    14:07:19.794 Service scanning
    14:07:20.979 Disk 0 trace - called modules:
    14:07:20.995 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sprl.sys hal.dll
    14:07:20.995 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ee9260]
    14:07:20.995 3 CLASSPNP.SYS[fffffa60011d5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c8f050]
    14:07:20.995 Scan finished successfully
    14:07:48.352 Disk 0 MBR has been saved successfully to "F:\Ken\Virus\Francescas_Logs\MBR.dat"
    14:07:48.367 The log file has been saved successfully to "F:\Ken\Virus\Francescas_Logs\aswMBR.txt"


    aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-19 21:57:41
    -----------------------------
    21:57:41.711 OS Version: Windows x64 6.0.6002 Service Pack 2
    21:57:41.711 Number of processors: 2 586 0xF0D
    21:57:41.711 ComputerName: OWNER-PC UserName: Owner
    21:57:43.130 Initialize success
    21:57:46.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:57:46.250 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
    21:57:46.266 Disk 0 MBR read error 0
    21:57:46.266 Disk 0 MBR scan
    21:57:46.266 Disk 0 unknown MBR code
    21:57:46.282 MBR BIOS signature not found 0
    21:57:46.282 Service scanning
    21:57:48.232 Disk 0 trace - called modules:
    21:57:48.263 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spuq.sys hal.dll
    21:57:48.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004efd190]
    21:57:48.278 3 CLASSPNP.SYS[fffffa6001403c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c45050]
    21:57:48.278 Scan finished successfully
    21:58:07.794 Disk 0 MBR has been saved successfully to "F:\Ken\Virus\Francescas_Logs\MBR.dat"
    21:58:07.794 The log file has been saved successfully to "F:\Ken\Virus\Francescas_Logs\aswMBR.txt"
     
  21. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Let's try some basic steps...

    Make sure, your computer is set to obtain IP address automatically.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
    6. Click Obtain an IP Address Automatically, and then click OK.

    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
     
  22. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Unfortunately, still no luck. Both the wireless and ethernet don't work. Thank you for your help thus far!

    Ken
     
  23. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  24. KenBrown2

    KenBrown2 TS Rookie Topic Starter Posts: 60

    Broni,

    I don't think you understand how much I love you. Removing Norton did the trick! I think I'm going to stick with avast from now on. If any issues pop back up in the next few days, I will post again to this thread.

    But until then...Thank you once again for your technical expertise!!

    Ken
     
  25. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Thank you for giving me good night sleep over your issue :)

    Good job!

    Let's finish our cleaning process.

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...