TechSpot

Virus fun - GMER won't finish

Solved
By mb2cotter
Oct 31, 2010
Topic Status:
Not open for further replies.
  1. I have another thread going with my PC, but my laptop is also infected. Among other things, it had Google redirect and fake Microsoft Security Alerts. Fortunately, the internet is working on the laptop so I can post this. I ran Malwarebytes and it found some stuff. I then tried to run GMER, but the computer froze. I restarted and ran it again with devices unchecked, but it froze again.

    Here's the MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5004

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    10/31/2010 2:15:00 PM
    mbam-log-2010-10-31 (14-15-00).txt

    Scan type: Quick scan
    Objects scanned: 138432
    Time elapsed: 12 minute(s), 2 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    C:\Users\Owner\Desktop\mstsc.exe (Trojan.FakeAV) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Owner\Desktop\mstsc.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\hotfix.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
     
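As an added example (not from this thread and not Malwarebytes' own tooling), the following Python parser reads the MBAM 1.46 log format pasted above, checks that each summary counter agrees with the itemised detections, and flags registry hits in logon/autostart locations such as the Winlogon\shell value. The sample log is reconstructed from the post's own lines (date and file-name header omitted); the list of autostart locations is an assumption drawn from the DDS log later in the thread.

```python
"""Parse a Malwarebytes' Anti-Malware 1.46 log and reconcile its summary
counters with the itemised detections. Added example for this thread; it is
not part of Malwarebytes."""
import re

# Sample log constructed from the post above (header lines omitted).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46

Scan type: Quick scan
Objects scanned: 138432

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Users\Owner\Desktop\mstsc.exe (Trojan.FakeAV) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Owner\Desktop\mstsc.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\hotfix.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
"""

# "Files Infected: 2" is a summary counter; "Files Infected:" opens a section.
SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# Detection lines read "<target> (<family>) -> <action>".
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (counts, items): counts maps category -> summary number,
    items maps category -> list of {target, family, action} dicts."""
    counts, items, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            counts[m["cat"]] = int(m["n"])
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["cat"]
            items.setdefault(current, [])
            continue
        if current is None or line.startswith("(No malicious items detected)"):
            continue
        m = ITEM_RE.match(line)
        if m:
            items[current].append(m.groupdict())
    return counts, items


def reconcile(counts, items):
    """Categories whose summary counter disagrees with the itemised lines.
    An empty list means the pasted log is complete and self-consistent."""
    return [cat for cat, n in counts.items() if n != len(items.get(cat, []))]


# Assumed logon/autostart locations; the Winlogon and Run entries appear in
# the DDS log of this thread.
PERSISTENCE_MARKERS = ("\\winlogon\\shell", "\\winlogon\\userinit",
                       "\\currentversion\\run")


def persistence_hits(items):
    """Registry detections in a logon/autostart location: the reason a FakeAV
    returns at every boot, and the entry to re-check in the follow-up logs."""
    regs = (items.get("Registry Values Infected", [])
            + items.get("Registry Keys Infected", []))
    return [d for d in regs
            if any(k in d["target"].lower() for k in PERSISTENCE_MARKERS)]


if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    print("mismatched categories:", reconcile(counts, items))
    print("persistence:", [d["target"] for d in persistence_hits(items)])
```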
  2. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's the DDS log, with attach log attached:

    DDS (Ver_10-10-31.01) - NTFSx86
    Run by Owner at 17:43:39.05 on Sun 10/31/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.223 [GMT -6:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Users\Owner\Documents\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.erieskies.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {E16DC1FE-7C34-43F2-B754-F3AD12DDF97C} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://espn.go.com/free-online-games/dcrFrame?swfPath=http://a.espncdn.com/arcade/prod/games/bassfishchallenge/20091228/bass_fishing.dcr&width=640&height=480&sw2=&gameID=134&swlist="
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [cwcptray] c:\program files\contentwatch\internet protection\cwtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [CWPhoenixApp] c:\program files\contentwatch\internet protection\updater\Phoenix.exe /r
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\cwalsp.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-10-30 339504]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-10-30 666672]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-8-31 692272]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101028.001\IDSvix86.sys [2010-10-19 353840]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-10-30 134704]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1201000.025\symtdiv.sys [2010-10-30 331312]
    R2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2010-2-9 2100544]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [2010-10-30 126904]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-9 103280]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-31 102448]
    S2 gupdate1ca89b86dfdccc8;Google Update Service (gupdate1ca89b86dfdccc8);c:\program files\google\update\GoogleUpdate.exe [2009-12-30 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-12 21504]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-7-24 30560]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
    S3 UVC;UVC;c:\windows\system32\drivers\tis_uvc_10015.sys [2008-3-30 43776]

    =============== Created Last 30 ================

    2010-10-31 19:58:33 -------- d-----w- c:\users\owner\appdata\local\CrashDumps
    2010-10-31 05:26:02 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2010-10-31 05:25:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-31 05:25:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-31 05:25:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-31 05:25:37 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-30 23:32:02 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-10-30 23:32:02 -------- d-----w- c:\program files\Symantec
    2010-10-30 23:31:02 666672 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys
    2010-10-30 23:31:02 50096 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtspx.sys
    2010-10-30 23:31:02 489008 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtsp.sys
    2010-10-30 23:31:02 339504 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymDS.sys
    2010-10-30 23:31:02 331312 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdiv.sys
    2010-10-30 23:31:02 294448 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symnets.sys
    2010-10-30 23:31:02 134704 ----a-r- c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys
    2010-10-30 23:30:25 -------- d-----w- c:\windows\system32\drivers\nav\1201000.025
    2010-10-30 23:30:25 -------- d-----w- c:\windows\system32\drivers\NAV
    2010-10-30 23:30:21 -------- d-----w- c:\program files\Norton AntiVirus
    2010-10-30 23:29:19 29 ----a-w- c:\users\owner\appdata\roaming\boot.bat
    2010-10-30 23:19:07 -------- d-----w- c:\progra~2\PCSettings
    2010-10-30 20:37:34 162 ----a-w- c:\users\owner\appdata\roaming\dkfjasdfshd.bat
    2010-10-30 01:46:30 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{fea8d609-6beb-418e-b289-0c55fdd064d7}\mpengine.dll
    2010-10-27 23:43:20 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 23:43:12 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 23:43:10 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-22 22:42:42 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-22 22:42:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-22 22:41:16 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-22 22:41:14 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-22 22:41:14 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-22 22:41:13 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-22 22:41:11 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-22 22:38:59 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-10-22 22:38:59 197632 ----a-w- c:\program files\internet explorer\IEShims.dll
    2010-10-22 22:38:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-10-22 22:38:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-22 22:34:22 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-22 22:34:21 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-22 22:34:15 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-22 22:34:12 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-22 22:34:08 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-22 22:34:03 531968 ----a-w- c:\windows\system32\comctl32.dll

    ==================== Find3M ====================

    2010-10-19 17:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

    ============= FINISH: 17:44:54.79 ===============
     


  3. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    All logs have to be pasted.
    Please, paste Attach.txt log into your next reply.

    ======================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  4. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Thanks for the help. I appreciate it.
    Here's the attach log:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-31.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/5/2007 3:34:56 AM
    System Uptime: 10/31/2010 5:18:26 PM (0 hours ago)

    Motherboard: Quanta | | 30D3
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket S1 | 1800/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 104 GiB total, 23.106 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 1.752 GiB free.
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Flash Disk
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07#3147928453A18069D534&0#
    Manufacturer: Generic
    Name: USB DISK
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07#3147928453A18069D534&0#
    Service: WUDFRd

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.7
    Adobe Shockwave Player 11
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Conexant HD Audio
    Disney Toontown Online
    ESU for Microsoft Vista
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP DVD Play 3.2
    HP Easy Setup - Frontend
    HP Help and Support
    HP Photosmart Essential 2.0
    HP Photosmart Essential2.5
    HP Quick Launch Buttons 6.20 D3
    HP Total Care Advisor
    HP Update
    HP User Guides 0041
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    IC Capture.AS 2.0
    iTunes
    Java(TM) 6 Update 15
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    LG USB Modem driver
    LightScribe 1.4.136.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Move Networks Media Player for Internet Explorer
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    My HP Games
    Net Nanny Parental Controls
    Norton AntiVirus
    Norton PC Checkup
    NVIDIA Drivers
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    Pet Vet 3D Animal Hospital
    PSSWCORE
    QuickTime
    RegiStax Version 4
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype web features
    Skype™ 4.1
    Soft Data Fax Modem with SmartCP
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Veetle TV 0.9.15
    VZAccess Manager
    WildGames
    Windows Live OneCare safety scanner
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer

    ==== End Of File ===========================
     
  5. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's the TDSS log:

    2010/10/31 19:11:38.0806 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/10/31 19:11:38.0806 ================================================================================
    2010/10/31 19:11:38.0806 SystemInfo:
    2010/10/31 19:11:38.0806
    2010/10/31 19:11:38.0806 OS Version: 6.0.6002 ServicePack: 2.0
    2010/10/31 19:11:38.0806 Product type: Workstation
    2010/10/31 19:11:38.0806 ComputerName: OWNER-PC
    2010/10/31 19:11:38.0806 UserName: Owner
    2010/10/31 19:11:38.0806 Windows directory: C:\Windows
    2010/10/31 19:11:38.0806 System windows directory: C:\Windows
    2010/10/31 19:11:38.0806 Processor architecture: Intel x86
    2010/10/31 19:11:38.0806 Number of processors: 2
    2010/10/31 19:11:38.0806 Page size: 0x1000
    2010/10/31 19:11:38.0806 Boot type: Normal boot
    2010/10/31 19:11:38.0806 ================================================================================
    2010/10/31 19:11:39.0726 Initialize success
    2010/10/31 19:11:53.0470 ================================================================================
    2010/10/31 19:11:53.0470 Scan started
    2010/10/31 19:11:53.0470 Mode: Manual;
    2010/10/31 19:11:53.0470 ================================================================================
    2010/10/31 19:11:55.0061 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/10/31 19:11:55.0108 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2010/10/31 19:11:55.0170 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2010/10/31 19:11:55.0217 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2010/10/31 19:11:55.0264 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2010/10/31 19:11:55.0358 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/10/31 19:11:55.0436 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2010/10/31 19:11:55.0514 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/10/31 19:11:55.0560 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2010/10/31 19:11:55.0623 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2010/10/31 19:11:55.0685 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2010/10/31 19:11:55.0748 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2010/10/31 19:11:55.0810 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/10/31 19:11:55.0950 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2010/10/31 19:11:56.0013 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2010/10/31 19:11:56.0091 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/10/31 19:11:56.0138 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/10/31 19:11:56.0278 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2010/10/31 19:11:56.0356 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2010/10/31 19:11:56.0418 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/10/31 19:11:56.0652 BHDrvx86 (5138da8715da5f9823b753b6cb36a9a9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
    2010/10/31 19:11:56.0855 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/10/31 19:11:56.0902 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/10/31 19:11:56.0949 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/10/31 19:11:56.0996 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/10/31 19:11:57.0058 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/10/31 19:11:57.0120 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/10/31 19:11:57.0167 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/10/31 19:11:57.0245 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/10/31 19:11:57.0354 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/10/31 19:11:57.0401 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/10/31 19:11:57.0448 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2010/10/31 19:11:57.0495 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/10/31 19:11:57.0604 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/10/31 19:11:57.0651 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2010/10/31 19:11:57.0760 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/10/31 19:11:57.0791 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2010/10/31 19:11:57.0838 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2010/10/31 19:11:57.0947 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/10/31 19:11:58.0088 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/10/31 19:11:58.0212 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/10/31 19:11:58.0290 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/10/31 19:11:58.0431 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
    2010/10/31 19:11:58.0540 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/10/31 19:11:58.0618 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
    2010/10/31 19:11:58.0727 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/10/31 19:11:58.0868 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2010/10/31 19:11:59.0039 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2010/10/31 19:11:59.0195 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2010/10/31 19:11:59.0414 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/10/31 19:11:59.0538 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/10/31 19:11:59.0694 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/10/31 19:11:59.0772 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/10/31 19:11:59.0866 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/10/31 19:11:59.0928 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/10/31 19:11:59.0991 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/10/31 19:12:00.0116 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/10/31 19:12:00.0178 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/10/31 19:12:00.0256 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2010/10/31 19:12:00.0412 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
    2010/10/31 19:12:00.0490 HdAudAddService (07eee11d6e2b78122e17db3878b4c687) C:\Windows\system32\drivers\CHDART.sys
    2010/10/31 19:12:00.0552 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/10/31 19:12:00.0599 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/10/31 19:12:00.0630 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/10/31 19:12:00.0677 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    2010/10/31 19:12:00.0771 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2010/10/31 19:12:00.0833 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2010/10/31 19:12:00.0911 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2010/10/31 19:12:00.0989 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2010/10/31 19:12:01.0052 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/10/31 19:12:01.0114 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2010/10/31 19:12:01.0176 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/10/31 19:12:01.0270 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/10/31 19:12:01.0364 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2010/10/31 19:12:01.0598 IDSVix86 (ee90168d5578359fe9a295b8611330c0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSvix86.sys
    2010/10/31 19:12:01.0722 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/10/31 19:12:01.0785 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    2010/10/31 19:12:01.0832 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/10/31 19:12:01.0910 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/10/31 19:12:02.0003 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2010/10/31 19:12:02.0081 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/10/31 19:12:02.0144 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/10/31 19:12:02.0206 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2010/10/31 19:12:02.0253 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/10/31 19:12:02.0284 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/10/31 19:12:02.0331 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/10/31 19:12:02.0409 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/10/31 19:12:02.0456 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/10/31 19:12:02.0534 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/10/31 19:12:02.0674 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/10/31 19:12:02.0768 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2010/10/31 19:12:02.0861 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2010/10/31 19:12:02.0924 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/10/31 19:12:02.0986 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/10/31 19:12:03.0048 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2010/10/31 19:12:03.0111 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2010/10/31 19:12:03.0173 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/10/31 19:12:03.0282 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/10/31 19:12:03.0314 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/10/31 19:12:03.0376 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
    2010/10/31 19:12:03.0423 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/10/31 19:12:03.0470 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2010/10/31 19:12:03.0516 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/10/31 19:12:03.0626 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/10/31 19:12:03.0688 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/10/31 19:12:03.0766 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/10/31 19:12:03.0813 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/10/31 19:12:03.0891 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/10/31 19:12:03.0938 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2010/10/31 19:12:04.0016 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2010/10/31 19:12:04.0078 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/10/31 19:12:04.0218 MSHUSBVideo (29e0ec2a9dc4c7913657a51dfff97856) C:\Windows\system32\Drivers\nx6000.sys
    2010/10/31 19:12:04.0296 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/10/31 19:12:04.0374 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/10/31 19:12:04.0421 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/10/31 19:12:04.0468 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/10/31 19:12:04.0515 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/10/31 19:12:04.0577 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/10/31 19:12:04.0640 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/10/31 19:12:04.0702 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/10/31 19:12:04.0764 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/10/31 19:12:04.0983 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVENG.SYS
    2010/10/31 19:12:05.0139 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVEX15.SYS
    2010/10/31 19:12:05.0466 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/10/31 19:12:05.0544 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/10/31 19:12:05.0576 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/10/31 19:12:05.0638 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/10/31 19:12:05.0669 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/10/31 19:12:05.0716 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/10/31 19:12:05.0778 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/10/31 19:12:05.0872 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/10/31 19:12:05.0950 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/10/31 19:12:06.0012 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/10/31 19:12:06.0122 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/10/31 19:12:06.0231 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/10/31 19:12:06.0278 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/10/31 19:12:06.0340 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
    2010/10/31 19:12:06.0590 nvlddmkm (446864078dbe3059587954cb2d858a9b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2010/10/31 19:12:06.0808 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2010/10/31 19:12:06.0870 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
    2010/10/31 19:12:06.0917 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2010/10/31 19:12:06.0980 nvstor32 (4c93d50bca15b3bfcab07306b258b248) C:\Windows\system32\DRIVERS\nvstor32.sys
    2010/10/31 19:12:07.0011 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2010/10/31 19:12:07.0182 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2010/10/31 19:12:07.0260 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/10/31 19:12:07.0307 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/10/31 19:12:07.0338 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/10/31 19:12:07.0416 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/10/31 19:12:07.0463 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2010/10/31 19:12:07.0526 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2010/10/31 19:12:07.0604 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/10/31 19:12:07.0806 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/10/31 19:12:07.0869 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2010/10/31 19:12:07.0962 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/10/31 19:12:08.0025 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
    2010/10/31 19:12:08.0103 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2010/10/31 19:12:08.0181 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/10/31 19:12:08.0243 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/10/31 19:12:08.0274 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/10/31 19:12:08.0337 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/10/31 19:12:08.0415 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/10/31 19:12:08.0462 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/10/31 19:12:08.0508 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/10/31 19:12:08.0586 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/10/31 19:12:08.0649 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2010/10/31 19:12:08.0711 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/10/31 19:12:08.0774 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/10/31 19:12:08.0914 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/10/31 19:12:08.0992 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/10/31 19:12:09.0086 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/10/31 19:12:09.0132 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/10/31 19:12:09.0195 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/10/31 19:12:09.0257 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/10/31 19:12:09.0335 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2010/10/31 19:12:09.0366 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/10/31 19:12:09.0413 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2010/10/31 19:12:09.0460 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/10/31 19:12:09.0522 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2010/10/31 19:12:09.0569 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2010/10/31 19:12:09.0632 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2010/10/31 19:12:09.0710 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/10/31 19:12:09.0788 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
    2010/10/31 19:12:09.0850 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/10/31 19:12:09.0959 SRTSP (d0ab8e989935d895f1bed8f607fa0948) C:\Windows\system32\drivers\NAV\1201000.025\SRTSP.SYS
    2010/10/31 19:12:10.0022 SRTSPX (fae9f5558a1f53670e579f9ffb4a67cc) C:\Windows\system32\drivers\NAV\1201000.025\SRTSPX.SYS
    2010/10/31 19:12:10.0100 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2010/10/31 19:12:10.0162 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2010/10/31 19:12:10.0224 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/10/31 19:12:10.0318 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/10/31 19:12:10.0365 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/10/31 19:12:10.0443 SymDS (67e83f8c7e80dc898a1d73b38412ba7a) C:\Windows\system32\drivers\NAV\1201000.025\SYMDS.SYS
    2010/10/31 19:12:10.0505 SymEFA (3986a8de371e985ba6c82eb8da3b1e98) C:\Windows\system32\drivers\NAV\1201000.025\SYMEFA.SYS
    2010/10/31 19:12:10.0552 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
    2010/10/31 19:12:10.0614 SymIRON (8ae632773b5192dce48f4ec8de753863) C:\Windows\system32\drivers\NAV\1201000.025\Ironx86.SYS
    2010/10/31 19:12:10.0646 SYMTDIv (a5fb04f87a9cc3ea6b839fefd6790419) C:\Windows\system32\drivers\NAV\1201000.025\SYMTDIV.SYS
    2010/10/31 19:12:10.0708 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/10/31 19:12:10.0739 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/10/31 19:12:10.0802 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/10/31 19:12:10.0911 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/10/31 19:12:11.0004 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/10/31 19:12:11.0051 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/10/31 19:12:11.0098 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/10/31 19:12:11.0160 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/10/31 19:12:11.0223 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/10/31 19:12:11.0270 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/10/31 19:12:11.0363 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/10/31 19:12:11.0457 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/10/31 19:12:11.0504 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/10/31 19:12:11.0582 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2010/10/31 19:12:11.0660 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/10/31 19:12:11.0722 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2010/10/31 19:12:11.0784 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2010/10/31 19:12:11.0816 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/10/31 19:12:11.0862 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/10/31 19:12:11.0909 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/10/31 19:12:11.0987 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
    2010/10/31 19:12:12.0034 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    2010/10/31 19:12:12.0096 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
    2010/10/31 19:12:12.0143 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/10/31 19:12:12.0221 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/10/31 19:12:12.0284 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
    2010/10/31 19:12:12.0330 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/10/31 19:12:12.0393 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/10/31 19:12:12.0486 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
    2010/10/31 19:12:12.0518 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/10/31 19:12:12.0580 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2010/10/31 19:12:12.0627 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/10/31 19:12:12.0674 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/10/31 19:12:12.0736 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2010/10/31 19:12:12.0783 UVC (ca73b0bdea552ff66477beacd73363de) C:\Windows\system32\drivers\tis_uvc_10015.sys
    2010/10/31 19:12:12.0876 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/10/31 19:12:12.0954 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/10/31 19:12:12.0986 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2010/10/31 19:12:13.0017 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2010/10/31 19:12:13.0048 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2010/10/31 19:12:13.0095 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/10/31 19:12:13.0157 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/10/31 19:12:13.0235 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/10/31 19:12:13.0282 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2010/10/31 19:12:13.0360 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/10/31 19:12:13.0422 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/31 19:12:13.0438 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/31 19:12:13.0485 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2010/10/31 19:12:13.0547 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2010/10/31 19:12:13.0719 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2010/10/31 19:12:13.0890 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/10/31 19:12:14.0000 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/10/31 19:12:14.0078 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/10/31 19:12:14.0171 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
    2010/10/31 19:12:14.0265 ================================================================================
    2010/10/31 19:12:14.0265 Scan finished
    2010/10/31 19:12:14.0265 ================================================================================
     
  6. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's the MBRCheck log. I hit "n" when I was done, but it said it found something:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Presario F700 (GR967UA#ABA)
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 160):
    0x81C0A000 \SystemRoot\system32\ntkrnlpa.exe
    0x81FC3000 \SystemRoot\system32\hal.dll
    0x8060C000 \SystemRoot\system32\kdcom.dll
    0x80613000 \SystemRoot\system32\PSHED.dll
    0x80624000 \SystemRoot\system32\BOOTVID.dll
    0x8062C000 \SystemRoot\system32\CLFS.SYS
    0x8066D000 \SystemRoot\system32\CI.dll
    0x8074D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x807C9000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8220F000 \SystemRoot\system32\drivers\acpi.sys
    0x82255000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x8225E000 \SystemRoot\system32\drivers\msisadrv.sys
    0x82266000 \SystemRoot\system32\drivers\pci.sys
    0x8228D000 \SystemRoot\System32\drivers\partmgr.sys
    0x8229C000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8229F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x822A9000 \SystemRoot\system32\drivers\volmgr.sys
    0x822B8000 \SystemRoot\System32\drivers\volmgrx.sys
    0x82302000 \SystemRoot\system32\drivers\pciide.sys
    0x82309000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x82317000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82327000 \SystemRoot\system32\drivers\atapi.sys
    0x8232F000 \SystemRoot\system32\drivers\ataport.SYS
    0x8234D000 \SystemRoot\system32\DRIVERS\nvstor32.sys
    0x82367000 \SystemRoot\system32\DRIVERS\storport.sys
    0x823A8000 \SystemRoot\system32\drivers\fltmgr.sys
    0x85E00000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMDS.SYS
    0x85E57000 \SystemRoot\system32\drivers\fileinfo.sys
    0x85E67000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMEFA.SYS
    0x85F10000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x85F19000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x86003000 \SystemRoot\system32\drivers\ndis.sys
    0x8610E000 \SystemRoot\system32\drivers\msrpc.sys
    0x86139000 \SystemRoot\system32\drivers\NETIO.SYS
    0x86204000 \SystemRoot\System32\drivers\tcpip.sys
    0x862EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8640B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8651B000 \SystemRoot\system32\drivers\volsnap.sys
    0x86554000 \SystemRoot\System32\Drivers\spldr.sys
    0x8655C000 \SystemRoot\System32\Drivers\mup.sys
    0x8656B000 \SystemRoot\System32\drivers\ecache.sys
    0x86592000 \SystemRoot\system32\drivers\disk.sys
    0x865A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x865C4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x86400000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x86309000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x86312000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x86322000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x86326000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x86329000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x86339000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x86340000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x86349000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8AC0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8B051000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8B0F2000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B0FE000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8B101000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8B10B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8B149000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8B158000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B170000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8B209000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8B296000 \SystemRoot\system32\DRIVERS\nvm60x32.sys
    0x8B358000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8B36B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8B376000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8B3A1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8B3A3000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8B3AE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8B3DD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B3E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B176000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8B181000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8B1A4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8B1B3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8B1C7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8B1DC000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8B200000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x863CF000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8B1EC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8AC00000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8B1F6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x86174000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x861A9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x861BA000 \SystemRoot\system32\drivers\CHDART.sys
    0x85F8A000 \SystemRoot\system32\drivers\portcls.sys
    0x85FB7000 \SystemRoot\system32\drivers\drmk.sys
    0x8CE02000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8CE3F000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8CF42000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x861E6000 \SystemRoot\system32\drivers\modem.sys
    0x8CFF6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8B202000 \SystemRoot\System32\Drivers\Null.SYS
    0x863F9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x861F3000 \SystemRoot\System32\drivers\vga.sys
    0x85FDC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x823DA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x823E2000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x823EA000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x82200000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x823F5000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x807D6000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8F60A000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMTDIV.SYS
    0x8F662000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8F688000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8F69C000 \SystemRoot\system32\drivers\afd.sys
    0x8F6E4000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8F716000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x8F71F000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8F735000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F743000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
    0x8F745000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8F758000 \SystemRoot\system32\drivers\NAV\1201000.025\Ironx86.SYS
    0x8F77B000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSPX.SYS
    0x8F786000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F7C2000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8FA02000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSvix86.sys
    0x8FA5D000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x8FABB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x8FAD8000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8FAEF000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
    0x8FB9B000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8FBA8000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x8FBB2000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x81630000 \SystemRoot\System32\win32k.sys
    0x8FBCC000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8FBD6000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x81850000 \SystemRoot\System32\TSDDD.dll
    0x81870000 \SystemRoot\System32\cdd.dll
    0x8FBE5000 \SystemRoot\system32\drivers\luafv.sys
    0x9D801000 \SystemRoot\system32\drivers\spsys.sys
    0x9D8B1000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9D8C1000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9D8EB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9D8F5000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9D908000 \SystemRoot\system32\drivers\HTTP.sys
    0x9D975000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9D992000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9D9AB000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9D9C0000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9D9E1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9C005000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9C03E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9C056000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9C07E000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9C0CC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9C0D0000 \SystemRoot\system32\drivers\peauth.sys
    0x9C1AE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9C1B8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9C1C4000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9C1CC000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x8F7D4000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x9C1E2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x9C1F7000 \??\C:\Users\Owner\AppData\Local\Temp\mbr.sys
    0xB4003000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSP.SYS
    0xB4084000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVEX15.SYS
    0xB41D2000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVENG.SYS
    0xB41E6000 \SystemRoot\system32\drivers\klmd.sys
    0x76E60000 \Windows\System32\ntdll.dll

    Processes (total 69):
    0 System Idle Process
    4 System
    392 C:\Windows\System32\smss.exe
    460 csrss.exe
    512 C:\Windows\System32\wininit.exe
    520 csrss.exe
    556 C:\Windows\System32\services.exe
    572 C:\Windows\System32\lsass.exe
    584 C:\Windows\System32\lsm.exe
    652 C:\Windows\System32\winlogon.exe
    756 C:\Windows\System32\svchost.exe
    816 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\audiodg.exe
    1124 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\SLsvc.exe
    1176 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\svchost.exe
    1624 C:\Windows\System32\dwm.exe
    1636 C:\Windows\explorer.exe
    1680 C:\Windows\System32\taskeng.exe
    1764 C:\Windows\System32\spoolsv.exe
    1832 C:\Windows\System32\svchost.exe
    1876 C:\Windows\System32\taskeng.exe
    1920 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    1164 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1332 C:\Program Files\Bonjour\mDNSResponder.exe
    1384 C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    1800 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1512 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    808 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    1092 C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
    2104 C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    2132 C:\Windows\System32\svchost.exe
    2164 C:\Windows\System32\svchost.exe
    2200 C:\Windows\System32\svchost.exe
    2260 C:\Windows\System32\drivers\XAudio.exe
    2344 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    2684 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    2696 WmiPrvSE.exe
    2780 C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    2976 dllhost.exe
    3040 unsecapp.exe
    3208 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3224 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3340 C:\Program Files\Java\jre6\bin\jusched.exe
    3364 C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    3384 C:\Program Files\iTunes\iTunesHelper.exe
    3420 C:\Windows\ehome\ehtray.exe
    3564 WmiPrvSE.exe
    3604 C:\Windows\System32\rundll32.exe
    3844 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    3928 C:\Windows\ehome\ehmsas.exe
    3156 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2032 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3264 C:\Program Files\iPod\bin\iPodService.exe
    4016 C:\Program Files\Internet Explorer\iexplore.exe
    3912 C:\Program Files\Internet Explorer\iexplore.exe
    1852 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4048 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    4384 C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
    5696 C:\Program Files\Internet Explorer\iexplore.exe
    1076 C:\Windows\System32\notepad.exe
    5980 C:\Users\Owner\Documents\TDSSKiller.exe
    5832 C:\Windows\System32\notepad.exe
    6020 dllhost.exe
    5816 C:\Users\Owner\Documents\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`eb3ebc00 (NTFS)

    PhysicalDrive0 Model Number: ST9120822AS, Rev: 3.BH

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  7. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-ROM as the first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  8. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Well that was interesting. I think I did it correctly. When the computer starts up, there's still a warning that pops up that it is blocking some startup programs. I don't know if that's related, but I don't remember it doing that before these problems cropped up.

    Here's the MBR log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Presario F700 (GR967UA#ABA)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 156):
    0x81C4D000 \SystemRoot\system32\ntkrnlpa.exe
    0x81C1A000 \SystemRoot\system32\hal.dll
    0x80405000 \SystemRoot\system32\kdcom.dll
    0x8040C000 \SystemRoot\system32\PSHED.dll
    0x8041D000 \SystemRoot\system32\BOOTVID.dll
    0x80425000 \SystemRoot\system32\CLFS.SYS
    0x80466000 \SystemRoot\system32\CI.dll
    0x80546000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C2000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8060C000 \SystemRoot\system32\drivers\acpi.sys
    0x80652000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x8065B000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80663000 \SystemRoot\system32\drivers\pci.sys
    0x8068A000 \SystemRoot\System32\drivers\partmgr.sys
    0x80699000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8069C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806A6000 \SystemRoot\system32\drivers\volmgr.sys
    0x806B5000 \SystemRoot\System32\drivers\volmgrx.sys
    0x806FF000 \SystemRoot\system32\drivers\pciide.sys
    0x80706000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80714000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80724000 \SystemRoot\system32\drivers\atapi.sys
    0x8072C000 \SystemRoot\system32\drivers\ataport.SYS
    0x8074A000 \SystemRoot\system32\DRIVERS\nvstor32.sys
    0x80764000 \SystemRoot\system32\DRIVERS\storport.sys
    0x807A5000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82209000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMDS.SYS
    0x82260000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82270000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMEFA.SYS
    0x82319000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x82322000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x85E00000 \SystemRoot\system32\drivers\ndis.sys
    0x85F0B000 \SystemRoot\system32\drivers\msrpc.sys
    0x85F36000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8600B000 \SystemRoot\System32\drivers\tcpip.sys
    0x860F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x86208000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x86318000 \SystemRoot\system32\drivers\volsnap.sys
    0x86351000 \SystemRoot\System32\Drivers\spldr.sys
    0x86359000 \SystemRoot\System32\Drivers\mup.sys
    0x86368000 \SystemRoot\System32\drivers\ecache.sys
    0x8638F000 \SystemRoot\system32\drivers\disk.sys
    0x863A0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x863C1000 \SystemRoot\system32\drivers\crcdisk.sys
    0x86110000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8611B000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x86124000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x863FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x86200000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x86134000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x86144000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8614B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x86154000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x89E08000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8A24B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8A2EC000 \SystemRoot\System32\drivers\watchdog.sys
    0x8A2F8000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8A2FB000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8A305000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8A343000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8A352000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8A36A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8A370000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8AE0A000 \SystemRoot\system32\DRIVERS\nvm60x32.sys
    0x8AECC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8AEDF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8AEEA000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8AF15000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8AF17000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8AF22000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8AF51000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8AF5C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8AF73000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8AF7E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8AFA1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8AFB0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8AFC4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8AFD9000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8AFE9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x85F71000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8AFEB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x861DA000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8AFF5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x85F9B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x861E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x85FD0000 \SystemRoot\system32\drivers\CHDART.sys
    0x82393000 \SystemRoot\system32\drivers\portcls.sys
    0x823C0000 \SystemRoot\system32\drivers\drmk.sys
    0x8C605000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8C642000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8C745000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x823E5000 \SystemRoot\system32\drivers\modem.sys
    0x8AE00000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8C7F9000 \SystemRoot\System32\Drivers\Null.SYS
    0x89E00000 \SystemRoot\System32\Drivers\Beep.SYS
    0x823F2000 \SystemRoot\System32\drivers\vga.sys
    0x807D7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x861F8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x86000000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x80600000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x805CF000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x82200000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x805DD000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8EA06000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMTDIV.SYS
    0x8EA5E000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8EA84000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8EA98000 \SystemRoot\system32\drivers\afd.sys
    0x8EAE0000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8EB12000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x8EB1B000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8EB31000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8EB3F000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
    0x8EB41000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8EB54000 \SystemRoot\system32\drivers\NAV\1201000.025\Ironx86.SYS
    0x8EB77000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSPX.SYS
    0x8EB82000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8EBBE000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8EE0A000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSvix86.sys
    0x8EE65000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x8EEC3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x8EEE0000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8EEF7000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
    0x8EFA3000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8EFB0000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x8EFBA000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x81690000 \SystemRoot\System32\win32k.sys
    0x8EFD4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8EFDE000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x818B0000 \SystemRoot\System32\TSDDD.dll
    0x818D0000 \SystemRoot\System32\cdd.dll
    0x8EBC8000 \SystemRoot\system32\drivers\luafv.sys
    0x9D40C000 \SystemRoot\system32\drivers\spsys.sys
    0x9D4BC000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9D4CC000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9D4F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9D500000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9D513000 \SystemRoot\system32\drivers\HTTP.sys
    0x9D580000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9D59D000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9D5B6000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9D5CB000 \SystemRoot\system32\drivers\mrxdav.sys
    0x863CA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9EC0A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9EC43000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9EC5B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9EC83000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9ECD1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9ECD5000 \SystemRoot\system32\drivers\peauth.sys
    0x9EDB3000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9EDBD000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9EDC9000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xA120F000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSP.SYS
    0xA1290000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVEX15.SYS
    0xA13DE000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVENG.SYS
    0x9EDD1000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77300000 \Windows\System32\ntdll.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    392 C:\Windows\System32\smss.exe
    516 csrss.exe
    568 C:\Windows\System32\wininit.exe
    576 csrss.exe
    612 C:\Windows\System32\services.exe
    628 C:\Windows\System32\lsass.exe
    636 C:\Windows\System32\lsm.exe
    680 C:\Windows\System32\winlogon.exe
    840 C:\Windows\System32\svchost.exe
    904 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\audiodg.exe
    1216 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\SLsvc.exe
    1264 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\svchost.exe
    1752 C:\Windows\System32\dwm.exe
    1760 C:\Windows\System32\spoolsv.exe
    1796 C:\Windows\explorer.exe
    1804 C:\Windows\System32\taskeng.exe
    1820 C:\Windows\System32\svchost.exe
    1956 C:\Windows\System32\taskeng.exe
    560 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    384 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    1008 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1948 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1920 C:\Program Files\Bonjour\mDNSResponder.exe
    1568 C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    1600 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1484 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    900 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    2116 C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
    2216 C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    2256 C:\Windows\System32\svchost.exe
    2292 C:\Windows\System32\svchost.exe
    2328 C:\Windows\System32\svchost.exe
    2372 C:\Windows\System32\drivers\XAudio.exe
    2564 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    2744 C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    2820 WmiPrvSE.exe
    2880 C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    3224 dllhost.exe
    3344 C:\Program Files\Java\jre6\bin\jusched.exe
    3376 C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    3464 unsecapp.exe
    3488 C:\Program Files\iTunes\iTunesHelper.exe
    3816 WmiPrvSE.exe
    3860 C:\Windows\ehome\ehtray.exe
    1992 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    1000 C:\Windows\System32\rundll32.exe
    876 C:\Windows\ehome\ehmsas.exe
    3592 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2032 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2012 C:\Program Files\iPod\bin\iPodService.exe
    3308 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    2300 C:\Program Files\Internet Explorer\iexplore.exe
    3720 C:\Program Files\Internet Explorer\iexplore.exe
    868 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    2900 C:\Users\Owner\Documents\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`eb3ebc00 (NTFS)

    PhysicalDrive0 Model Number: ST9120822AS, Rev: 3.BH

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
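The two MBRCheck logs above differ in exactly one place: the bootstrap code in sector 0. Before the NTBR/MBRWORK step its SHA1 was D94F…05AC and the tool reported "Unknown MBR code"; after the standard MBR code was written the SHA1 became DA38…644A, labelled "Windows XP MBR code detected", while the partition offsets (C: at 0x7e00, D: at 0x19eb3ebc00) stayed identical, because only the 440-byte bootstrap area was rewritten and the partition table was left alone. The script below is an added example, not the code of MBRCheck, NTBR or any other tool named in the thread, showing how such a check works: read one 512-byte sector, verify the 0x55AA boot signature, hash the bootstrap code against an allowlist, and map each partition's starting LBA to the byte offset the log prints. Assumptions: the hash covers bytes 0x000-0x1B7 (whether MBRCheck hashes exactly that range is not stated on the page), the allowlist `KNOWN_GOOD` is something you populate yourself (the one entry is the value the second log labelled as XP code), and the sample sector and its partition sizes are constructed for the demo, with only the two start LBAs taken from the thread's offsets.

```python
"""Minimal MBR inspector (added example, not MBRCheck/NTBR code).

Parses a 512-byte sector 0, checks the boot signature, SHA-1s the bootstrap
code and converts partition start LBAs to byte offsets.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440          # bootstrap code; 4-byte disk signature follows at 0x1B8
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE        # must hold 0x55 0xAA
PART_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

# Hypothetical allowlist: SHA-1 of bootstrap code collected from disks you trust.
# The single entry is the hash the thread's second MBRCheck log called
# "Windows XP MBR code"; that MBRCheck hashes the same 440 bytes is an assumption.
KNOWN_GOOD = {
    "da38b874b7713d1b51cbc449f4ef809b0dec644a": "Windows XP MBR code",
}


def bootcode_sha1(sector: bytes) -> str:
    """SHA-1 of the bootstrap area only (assumed scope, see lead-in)."""
    return hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest()


def parse_partitions(sector: bytes) -> list:
    """Decode the four primary partition entries; empty (type 0) slots are skipped."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,                        # 0x07 = NTFS/exFAT/HPFS
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,  # what MBRCheck prints per volume
            "size_bytes": lba_count * SECTOR_SIZE,
        })
    return parts


def inspect_mbr(sector: bytes, known_good: dict = KNOWN_GOOD) -> dict:
    """Return signature check, bootstrap hash, allowlist verdict and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    digest = bootcode_sha1(sector)
    return {
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "sha1": digest.upper(),
        "status": known_good.get(digest, "Unknown MBR code"),
        "partitions": parse_partitions(sector),
    }


def build_sample_mbr(bootcode: bytes, partitions: list) -> bytes:
    """Assemble a constructed test sector: bootcode, zero disk signature,
    the given (status, type, lba_start, lba_count) entries, and 0x55AA."""
    sec = bytearray(SECTOR_SIZE)
    code = bootcode[:BOOTCODE_LEN]
    sec[:len(code)] = code
    for i, entry in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, sec, PART_TABLE_OFF + 16 * i, *entry)
    sec[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sec)


# Constructed sample. Start LBAs reproduce the thread's offsets
# (63 * 512 = 0x7E00, 217423710 * 512 = 0x19EB3EBC00); sizes and bootcode are made up.
SAMPLE_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 20
SAMPLE_PARTITIONS = [
    (0x80, 0x07, 63, 217423647),          # C: active NTFS
    (0x00, 0x07, 217423710, 16_000_000),  # D: NTFS (recovery-style second volume)
]
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOTCODE, SAMPLE_PARTITIONS)


def read_physical_drive(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 from a raw disk; on Windows this needs an elevated prompt."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


if __name__ == "__main__":
    report = inspect_mbr(SAMPLE_MBR)
    print("signature ok:", report["signature_ok"])
    print("SHA1:", report["sha1"], "->", report["status"])
    for p in report["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02X} "
              f"offset 0x{p['byte_offset']:x} bootable={p['bootable']}")
```

Two practical points follow from the code. First, a verdict of "Unknown MBR code" only means the hash is not on your allowlist; an OEM or third-party boot manager produces the same verdict, so compare against a copy from a known-clean machine of the same model before overwriting anything. Second, writing standard bootstrap code replaces the hook a bootkit installs but does nothing to whatever that hook was loading, which is why the helper in this thread keeps going with ComboFix after the MBR is back to a known hash rather than declaring the machine clean.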
     
  9. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Good job :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's the combofix log:

    ComboFix 10-10-31.01 - Owner 10/31/2010 20:32:13.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.287 [GMT -6:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
    c:\users\Owner\videos\VirtualDub.exe

    ----- BITS: Possible infected sites -----

    hxxp://buy-download.norton.com
    .
    ((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
    .

    2010-11-01 02:44 . 2010-11-01 02:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-30 01:46 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA8D609-6BEB-418E-B289-0C55FDD064D7}\mpengine.dll
    2010-10-27 23:43 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 23:43 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 23:43 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-22 22:42 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-22 22:42 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-22 22:41 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-22 22:41 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-22 22:41 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-22 22:41 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-22 22:41 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-22 22:38 . 2010-09-08 05:56 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-10-22 22:38 . 2010-09-08 05:56 197632 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2010-10-22 22:38 . 2010-09-08 05:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-10-22 22:38 . 2010-09-08 04:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-22 22:34 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-22 22:34 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-22 22:34 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-22 22:34 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-22 22:34 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-22 22:34 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-10 17:13 . 2010-10-10 17:13 -------- d-----w- c:\programdata\McAfee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 17:41 . 2009-10-03 13:53 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-08-26 16:33 . 2010-10-27 23:43 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33 . 2010-10-27 23:43 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-26 16:33 . 2010-10-27 23:43 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33 . 2010-10-27 23:43 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-17 14:11 . 2010-09-15 15:22 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-20 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-26 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-26 7770112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-26 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "cwcptray"="c:\program files\ContentWatch\Internet Protection\cwtray.exe" [2010-07-03 353600]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "CWPhoenixApp"="c:\program files\ContentWatch\Internet Protection\Updater\Phoenix.exe" [2010-07-03 2069824]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-17 06:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2007-03-06 18:28 180224 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-04-30 07:06 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-01-13 03:36 827392 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 gupdate1ca89b86dfdccc8;Google Update Service (gupdate1ca89b86dfdccc8);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 133104]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
    R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-21 32408]
    R3 UVC;UVC;c:\windows\system32\drivers\tis_uvc_10015.sys [2007-11-13 43776]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1201000.025\SYMDS.SYS [2010-06-13 339504]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1201000.025\SYMEFA.SYS [2010-07-29 666672]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSvix86.sys [2010-10-19 353840]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1201000.025\Ironx86.SYS [2010-06-27 134704]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NAV\1201000.025\SYMTDIV.SYS [2010-07-13 331312]
    S2 CwAltaService20;ContentWatch;c:\program files\ContentWatch\Internet Protection\cwsvc.exe [2010-10-22 2100544]
    S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-04 103280]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [2009-08-24 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-30 102448]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-01 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-27 15:06]

    2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 01:27]

    2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 01:27]

    2010-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4001749147-688493758-2348254775-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 23:03]

    2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4001749147-688493758-2348254775-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 23:03]

    2010-10-10 c:\windows\Tasks\HPCeeScheduleForOwner.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

    2010-11-01 c:\windows\Tasks\User_Feed_Synchronization-{0292EF70-F177-4E15-8028-F4A865A0A14B}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-22 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.erieskies.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    LSP: c:\windows\system32\cwalsp.dll
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-31 20:44
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-10-31 20:49:25
    ComboFix-quarantined-files.txt 2010-11-01 02:49

    Pre-Run: 24,659,828,736 bytes free
    Post-Run: 30,495,744,000 bytes free

    - - End Of File - - 47ED66C6934965DE5947B1416B2A6F8D
     
  11. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    It looks pretty decent now :)

How is the computer doing at the moment?

    Download OTL to your Desktop.

• Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
     
  12. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's the extras log:

    OTL Extras logfile created on: 10/31/2010 9:58:26 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 329.00 Mb Available Physical Memory | 34.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.68 Gb Total Space | 29.16 Gb Free Space | 28.13% Space Free | Partition Type: NTFS
    Drive D: | 8.11 Gb Total Space | 1.75 Gb Free Space | 21.60% Space Free | Partition Type: NTFS
    Drive F: | 1004.20 Mb Total Space | 973.66 Mb Free Space | 96.96% Space Free | Partition Type: FAT

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01E80CD7-01FF-4548-AD1A-3CFC2EB52130}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{081E2D02-3273-4583-94A1-69D4498CA3EC}" = lport=139 | protocol=6 | dir=in | app=system |
    "{11AB49F0-AE19-4BD0-87C9-8BF75C698D7D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{20421B76-BF9B-4DF6-BDC5-E3C9064CA942}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2C7B1628-991F-48B6-91DA-B868708CE0FC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{51A5B775-AF4C-4728-BA4B-50E4B987FC06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{57636780-20B6-4C6F-99CF-08670F5BBDFE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5C82729B-2158-4142-9F30-A9B7D9279BD8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{7B1103BD-8728-4CDF-984C-18E40C85EC93}" = rport=139 | protocol=6 | dir=out | app=system |
    "{93273F8F-351F-477E-9702-D990660884D5}" = lport=137 | protocol=17 | dir=in | app=system |
    "{985194DC-48F4-4C4E-A572-EA79AF6886E8}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A131CEB1-B773-45E4-99C0-1E62F13C09AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A2D838D8-A513-4A14-8004-03370D472E4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C2333BB0-D35F-409A-8FEB-1C22129B3239}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C508C725-EC67-4CE9-B9B7-BA4B2D5F7A95}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{E0B46E36-7498-41CE-88FF-5FDB66E604CC}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FCDAA3B4-8B37-4FC2-A9C7-E5E3E34C936B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{FFDFBF53-5A84-4E04-A6E2-B92628541316}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{079A845F-052F-4E7E-91E5-4C3DBA79E52D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
    "{07D771CF-F180-44BB-81DE-15B39A58CD28}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
    "{0D1A1075-B75C-4DB4-9BA9-0ED125E91C76}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1601BB11-5CB9-4261-848E-D0D180E8ACD9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{1A7D7080-D379-4024-B7B7-676F7682DA63}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
    "{256063D9-678E-4ABB-ABDB-1FE5D20159F0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{2EB80D87-88A9-4C82-90C4-9AEF4D208859}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{3DEE46DF-C72E-4635-B099-29007CF14AC7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
    "{3EBA888C-79E1-4680-8DF6-98F1D121A453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{43ADCADE-27A6-44AE-87BC-0B4F6307AA16}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
    "{4F0200F0-E972-4675-9D7D-F12481964368}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{53BF9A30-572A-4DD4-A6C9-6F29A24E319E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{55A79AB5-CA50-4626-8AF0-1E9A0D04C4DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{57E812FE-1061-4593-8600-FCA296E589F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{5D889065-2BBD-4226-A27E-8A0D25680E0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6A3B5310-9011-4130-A7F0-4C3C4AC56CFC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{7EE36B24-665F-41C0-B60F-47A54BA54E16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{801A7B07-CE80-4D6E-B1A8-B40EFC950025}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8575548E-B322-4D96-A6DD-6AE9693CD9EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8B1EFD3F-0865-45BE-ADA7-CCCC619B71D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{8EA3AED1-C1B5-4A18-AB62-8AE628E1498A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{9276FAAB-D0A0-4DBA-9EB0-2D0527DA92B0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{994D68B8-BCB2-4842-82B9-F01B82FEA5EC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{9BD6E2B5-F7BE-491E-ADE1-21667DCE93D9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{A0525A0F-2419-4204-8C78-DD8542617DA0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A21F3033-C75B-4542-842D-283EEA288485}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{A9251460-71C1-4F7D-B46F-8D2B3391E92E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{ADE15D3D-D0CC-41D3-A211-07F709F240BF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{AF6F928D-ECFA-4041-A605-3345C0D3717D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{B3E8567C-003E-4306-86D5-E269C50C0E7F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
    "{BB0EDB84-3BE1-4CDC-B9CB-AA34D27F699A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C883F9C9-206D-4D6D-8848-D4298916C465}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{CC1E154C-9AE8-46C0-A8F4-BE5AEC88B0C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DEC36C78-CAB4-4A61-AE62-8C04D43D6850}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{E2718CC5-180C-4CC3-9CF0-80C32E7F32BC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{F759E9DC-D766-410F-8378-BB1873414031}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{13005B8F-A92B-422D-9A38-31E0897E3CCA}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{261D03A8-F801-4ECC-B197-4759E0730247}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
    "TCP Query User{3B5843B7-2539-44E3-A049-B96EF63B7518}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{678E5E05-7FDA-4B36-8CA8-7033B788E5B9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{9C4A35A7-3C9D-4B97-A0CD-D461310A46BC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{A34CF152-A530-44FA-9AA0-AD3F8FE96C82}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{AD4CBB3B-25CB-4C09-A590-573FEA2C78CA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{03CB8B33-EC50-4F0D-8543-974652807A73}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{29B728EB-2F7C-4155-9E05-C4533F4C9011}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{614A527D-E807-4E52-9D37-63C4A9D17C99}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{9E8D12B4-1D6D-4BC0-91A5-AFBE3CEE9D92}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{C16FAFE1-87A5-4A4E-8B57-60E6BA553C73}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{EC48CFE9-FCF7-4B97-B68F-32CB647D6B83}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
    "UDP Query User{F4239F1F-56FC-4FD6-8653-7B5532AE0472}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
    "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2A4D5994-8882-4539-B305-3038A58AAA3F}" = VZAccess Manager
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 D3
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
    "{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.2
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{88A548E6-4B09-43E7-AD55-3C7D1B37706D}" = ESU for Microsoft Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
    "{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}" = HP User Guides 0041
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
    "{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "ALTACPHOME_is1" = Net Nanny Parental Controls
    "CNXT_HDAUDIO" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
    "Disney Toontown Online" = Disney Toontown Online
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photosmart Essential" = HP Photosmart Essential 2.0
    "ICCaptureAS2_is1" = IC Capture.AS 2.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NAV" = Norton AntiVirus
    "NortonPCCheckup" = Norton PC Checkup
    "NVIDIA Drivers" = NVIDIA Drivers
    "Pet Vet 3D Animal Hospital_is1" = Pet Vet 3D Animal Hospital
    "RegiStax_is1" = RegiStax Version 4
    "Rhapsody" = Rhapsody
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Veetle TV" = Veetle TV 0.9.15
    "WildTangent hplaptop Master Uninstall" = My HP Games
    "WildTangent wildgames Master Uninstall" = WildGames
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/3/2010 6:29:33 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/3/2010 6:29:33 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4992

    Error - 8/3/2010 6:29:33 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4992

    Error - 8/3/2010 6:29:36 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/3/2010 6:29:36 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8065

    Error - 8/3/2010 6:29:36 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8065

    Error - 8/3/2010 6:29:39 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/3/2010 6:29:39 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10436

    Error - 8/3/2010 6:29:39 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10436

    Error - 8/3/2010 6:29:40 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ Media Center Events ]
    Error - 2/7/2009 2:33:03 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/23/2009 1:27:50 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/9/2009 9:06:42 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/15/2009 1:29:38 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/10/2009 8:39:02 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/16/2010 5:29:05 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/17/2010 9:36:52 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/17/2010 3:42:04 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/18/2010 8:25:13 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/2/2010 4:29:06 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    [ ODiag Events ]
    Error - 1/10/2008 1:30:19 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
    Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

    [ OSession Events ]
    Error - 12/26/2007 10:03:34 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1753
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 1/10/2008 1:30:19 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/20/2008 11:13:35 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 8/20/2008 11:13:35 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 8/20/2008 11:13:35 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 8/28/2008 3:52:13 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 9/6/2008 10:23:34 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
    Description =

    Error - 9/6/2008 10:41:08 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    2, function 0. Please contact your system vendor for technical assistance.

    Error - 9/6/2008 10:41:08 PM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    3, function 0. Please contact your system vendor for technical assistance.

    Error - 9/10/2008 12:01:00 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
    Description =

    Error - 9/10/2008 7:53:36 AM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    2, function 0. Please contact your system vendor for technical assistance.

    Error - 9/10/2008 7:53:36 AM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    3, function 0. Please contact your system vendor for technical assistance.


    < End of report >
     
  13. mb2cotter

    When I post the OTL log the site says the log is too long to post, so I'll split it up:

    OTL logfile created on: 10/31/2010 9:58:26 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 329.00 Mb Available Physical Memory | 34.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.68 Gb Total Space | 29.16 Gb Free Space | 28.13% Space Free | Partition Type: NTFS
    Drive D: | 8.11 Gb Total Space | 1.75 Gb Free Space | 21.60% Space Free | Partition Type: NTFS
    Drive F: | 1004.20 Mb Total Space | 973.66 Mb Free Space | 96.96% Space Free | Partition Type: FAT

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/31 21:55:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2010/10/22 16:19:35 | 002,100,544 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    PRC - [2010/07/22 23:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    PRC - [2010/07/03 10:56:27 | 000,353,600 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/12/04 14:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
    PRC - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/31 21:55:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/22 16:19:35 | 002,100,544 | ---- | M] (ContentWatch, Inc.) [Auto | Running] -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
    SRV - [2010/07/22 23:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)
    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/12/04 14:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
    SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/10/30 17:32:02 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/10/30 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/10/30 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/10/30 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/10/30 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/10/19 14:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2010/08/31 16:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/07/28 21:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/07/28 20:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SRTSP.SYS -- (SRTSP)
    DRV - [2010/07/28 20:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/07/12 19:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2010/06/26 22:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\Ironx86.SYS -- (SymIRON)
    DRV - [2010/06/13 04:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SYMDS.SYS -- (SymDS)
    DRV - [2009/07/24 16:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2007/11/13 05:44:10 | 000,043,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tis_uvc_10015.sys -- (UVC)
    DRV - [2007/02/26 13:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/02/21 18:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/02/15 10:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/12 21:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/01/03 09:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2007/01/03 09:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/12/21 23:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 01:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 01:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/18 20:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006/10/18 05:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/10/18 05:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2006/10/18 05:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/08/04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.erieskies.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/30 17:34:15 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/10/31 20:44:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
    O4 - HKLM..\Run: [CWPhoenixApp] C:\Program Files\ContentWatch\Internet Protection\Updater\Phoenix.exe (ContentWatch, Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.25 205.171.2.25
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper: C:\Users\Owner\Desktop\ryan bus.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/30 00:43:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/31 21:55:04 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/10/31 20:49:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/31 20:49:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/31 20:28:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/31 20:28:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/31 20:28:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/31 20:28:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/31 20:27:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/31 20:27:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/31 19:36:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\NTBR_CD
    [2010/10/31 19:32:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\NTBR_CD
    [2010/10/31 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
    [2010/10/31 09:15:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Documents\TFC.exe
    [2010/10/30 23:26:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2010/10/30 23:25:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/10/30 23:25:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/10/30 23:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/30 23:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/30 22:57:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\tdsskiller
    [2010/10/30 21:35:12 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.46.exe
    [2010/10/30 17:35:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Symantec
    [2010/10/30 17:32:02 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2010/10/30 17:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/10/30 17:31:02 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\SymEFA.sys
    [2010/10/30 17:31:02 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\srtsp.sys
    [2010/10/30 17:31:02 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\SymDS.sys
    [2010/10/30 17:31:02 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\symtdiv.sys
    [2010/10/30 17:31:02 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\symnets.sys
    [2010/10/30 17:31:02 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\Ironx86.sys
    [2010/10/30 17:31:02 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\srtspx.sys
    [2010/10/30 17:30:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
    [2010/10/30 17:30:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1201000.025
    [2010/10/30 17:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
    [2010/10/30 17:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2010/10/26 11:30:08 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Documents\TDSSKiller.exe
    [2010/10/23 03:03:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mozilla
    [2010/10/10 11:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

    ========== Files - Modified Within 30 Days ==========

    [2010/10/31 22:02:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0292EF70-F177-4E15-8028-F4A865A0A14B}.job
    [2010/10/31 21:55:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/10/31 21:46:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/31 21:35:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/31 21:26:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4001749147-688493758-2348254775-1000UA.job
    [2010/10/31 21:26:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4001749147-688493758-2348254775-1000Core.job
    [2010/10/31 20:44:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/31 20:17:40 | 003,896,823 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/10/31 20:06:13 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2010/10/31 20:05:43 | 000,013,025 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
    [2010/10/31 20:03:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/31 20:03:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/31 20:03:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/31 20:03:30 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/31 19:36:07 | 002,565,432 | ---- | M] () -- C:\Users\Owner\Desktop\NTBR_CD.exe
    [2010/10/31 13:58:49 | 000,000,162 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\dkfjasdfshd.bat
    [2010/10/31 10:34:25 | 000,085,504 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/10/31 09:24:17 | 000,626,176 | ---- | M] () -- C:\Users\Owner\Documents\dds.scr
    [2010/10/31 09:23:37 | 000,294,912 | ---- | M] () -- C:\Users\Owner\Documents\j6poz0es.exe
    [2010/10/31 09:16:49 | 000,294,912 | ---- | M] () -- C:\Users\Owner\Documents\qxhi09iu.exe
    [2010/10/31 09:15:05 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\TFC.exe
    [2010/10/30 23:25:44 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/30 22:57:46 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Documents\TDSSKiller.exe
    [2010/10/30 22:57:21 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Documents\MBRCheck.exe
    [2010/10/30 22:56:38 | 001,207,026 | ---- | M] () -- C:\Users\Owner\Documents\tdsskiller.zip
    [2010/10/30 21:35:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.46.exe
    [2010/10/30 21:27:06 | 000,294,400 | ---- | M] () -- C:\Users\Owner\Desktop\exeHelper.com
    [2010/10/30 21:23:55 | 000,364,032 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.com
    [2010/10/30 21:16:54 | 000,316,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/30 21:16:54 | 000,110,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/30 17:33:16 | 002,154,466 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1201000.025\Cat.DB
    [2010/10/30 17:32:02 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2010/10/30 17:32:02 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2010/10/30 17:32:02 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2010/10/30 17:31:20 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2010/10/30 17:31:04 | 000,000,883 | ---- | M] () -- C:\Users\Owner\Desktop\Norton Installation Files.lnk
    [2010/10/30 17:29:19 | 000,000,029 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\boot.bat
    [2010/10/30 13:34:50 | 000,013,025 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
    [2010/10/23 04:04:43 | 000,352,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/10 09:19:06 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job

    ========== Files Created - No Company Name ==========

    [2010/10/31 20:28:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/31 20:28:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/31 20:28:47 | 000,085,504 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/31 20:28:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/31 20:28:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/31 20:17:40 | 003,896,823 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/10/31 19:36:07 | 002,565,432 | ---- | C] () -- C:\Users\Owner\Desktop\NTBR_CD.exe
    [2010/10/31 09:24:05 | 000,626,176 | ---- | C] () -- C:\Users\Owner\Documents\dds.scr
    [2010/10/31 09:23:33 | 000,294,912 | ---- | C] () -- C:\Users\Owner\Documents\j6poz0es.exe
    [2010/10/31 09:16:47 | 000,294,912 | ---- | C] () -- C:\Users\Owner\Documents\qxhi09iu.exe
    [2010/10/30 23:25:44 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/30 22:57:21 | 000,080,384 | ---- | C] () -- C:\Users\Owner\Documents\MBRCheck.exe
    [2010/10/30 22:56:36 | 001,207,026 | ---- | C] () -- C:\Users\Owner\Documents\tdsskiller.zip
    [2010/10/30 21:27:06 | 000,294,400 | ---- | C] () -- C:\Users\Owner\Desktop\exeHelper.com
    [2010/10/30 21:23:46 | 000,364,032 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.com
    [2010/10/30 17:32:07 | 002,154,466 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\Cat.DB
    [2010/10/30 17:32:02 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2010/10/30 17:32:02 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2010/10/30 17:31:20 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2010/10/30 17:30:31 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymEFA.inf
    [2010/10/30 17:30:31 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymDS.inf
    [2010/10/30 17:30:31 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymNetV.inf
    [2010/10/30 17:30:31 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymNet.inf
    [2010/10/30 17:30:31 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\srtspx.inf
    [2010/10/30 17:30:31 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\srtsp.inf
    [2010/10/30 17:30:31 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\Iron.inf
    [2010/10/30 17:30:25 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\symnetv.cat
    [2010/10/30 17:30:25 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymNet.cat
    [2010/10/30 17:30:25 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymEFA.cat
    [2010/10/30 17:30:25 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\srtspx.cat
    [2010/10/30 17:30:25 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymDS.cat
    [2010/10/30 17:30:25 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\srtsp.cat
    [2010/10/30 17:30:25 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\iron.cat
    [2010/10/30 17:30:25 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\isolate.ini
    [2010/10/30 17:29:19 | 000,000,029 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\boot.bat
    [2010/10/30 15:07:05 | 000,000,883 | ---- | C] () -- C:\Users\Owner\Desktop\Norton Installation Files.lnk
    [2010/10/30 14:37:34 | 000,000,162 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\dkfjasdfshd.bat
    [2010/02/09 22:32:40 | 000,975,872 | ---- | C] () -- C:\Windows\System32\libxml2_CW.dll
    [2010/02/09 22:32:40 | 000,151,552 | ---- | C] () -- C:\Windows\System32\libexpat.dll
    [2010/02/09 22:32:37 | 001,073,152 | ---- | C] () -- C:\Windows\System32\wxcode_msw28u_wxcurl_CW.dll
    [2010/02/09 22:32:37 | 000,524,288 | ---- | C] () -- C:\Windows\System32\wxmsw28u_xrc_vc_CW.dll
    [2010/02/09 22:32:37 | 000,499,712 | ---- | C] () -- C:\Windows\System32\wxmsw28u_html_vc_CW.dll
    [2010/02/09 22:32:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\wxmsw28u_media_vc_CW.dll
    [2010/02/09 22:32:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\wxcode_msw28u_wxjson_CW.dll
    [2010/02/09 22:32:36 | 002,916,352 | ---- | C] () -- C:\Windows\System32\wxmsw28u_core_vc_CW.dll
    [2010/02/09 22:32:36 | 001,236,992 | ---- | C] () -- C:\Windows\System32\wxbase28u_vc_CW.dll
    [2010/02/09 22:32:36 | 000,716,800 | ---- | C] () -- C:\Windows\System32\wxmsw28u_adv_vc_CW.dll
    [2010/02/09 22:32:36 | 000,135,168 | ---- | C] () -- C:\Windows\System32\wxbase28u_xml_vc_CW.dll
    [2010/02/09 22:32:36 | 000,135,168 | ---- | C] () -- C:\Windows\System32\wxbase28u_net_vc_CW.dll
    [2009/12/30 19:30:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/09/24 08:56:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/03/20 16:42:37 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2008/04/05 17:30:44 | 000,015,360 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/30 15:07:53 | 000,147,968 | ---- | C] () -- C:\Windows\System32\DeBayerTransform.dll
    [2008/03/30 15:07:53 | 000,043,776 | ---- | C] () -- C:\Windows\System32\drivers\tis_uvc_10015.sys
    [2008/03/30 15:07:53 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drvcoinst2.dll
    [2008/03/30 15:07:52 | 000,174,592 | ---- | C] () -- C:\Windows\System32\uvc_page_x86.dll
    [2007/12/26 16:07:52 | 000,013,025 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
    [2007/12/26 13:45:37 | 000,013,025 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
    [2007/11/19 15:41:48 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
    [2007/11/19 15:41:48 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
    [2007/11/19 15:41:48 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
    [2007/04/30 00:28:25 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/02/27 14:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/14 00:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/14 00:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2008/03/30 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IC Capture.AS 2.0
    [2009/06/26 12:49:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies
    [2007/12/31 11:03:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
    [2009/12/09 22:34:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
    [2008/04/13 08:28:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
    [2010/10/31 19:58:58 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/10/31 22:02:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0292EF70-F177-4E15-8028-F4A865A0A14B}.job

    ========== Purity Check ==========
     
  14. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's the rest of OTL:

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/04/30 00:43:24 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010/10/31 20:49:26 | 000,013,998 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/10/31 20:03:30 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/31 20:03:28 | 1318,973,440 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/31 19:32:57 | 000,062,024 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_31.10.2010_19.11.38_log.txt
    [2008/01/05 21:00:16 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/31 10:26:03 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 15:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/10/12 23:42:09 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/07 22:47:39 | 000,000,344 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/31 20:17:40 | 003,896,823 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/10/30 21:35:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.46.exe
    [2010/10/31 19:36:07 | 002,565,432 | ---- | M] () -- C:\Users\Owner\Desktop\NTBR_CD.exe
    [2010/10/31 21:55:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/11/19 16:48:26 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2007/04/30 00:28:57 | 000,000,320 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Vista would like to have at least 2GB of RAM to run smoothly.

    ==========================================================================

    Update your Java version: http://java.com/en/download/index.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java installations...

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =======================================================

    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    ========================================================

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
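    The `:Reg` section of the OTL fix above deletes the `DisableMonitoring` values under `HKLM\SOFTWARE\Microsoft\Security Center\Monitoring` and its Symantec subkeys. As an added read-only check (not from this thread and not part of OTL), the PowerShell function below lists those values on the machine and flags any that are non-zero, since a non-zero `DisableMonitoring` tells Security Center to stop monitoring that product; the function name and output columns are my own.

```powershell
# Added example (not from the thread or from OTL): read-only audit of the
# Security Center "DisableMonitoring" values that the OTL fix above deletes.
# Run from an elevated PowerShell prompt; it changes nothing in the registry.

function Get-SecurityCenterMonitoringState {
    [CmdletBinding()]
    param(
        # Root of the Security Center monitoring overrides, as used in the OTL fix.
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    )

    if (-not (Test-Path -Path $Root)) {
        Write-Verbose "No Monitoring key at $Root; nothing is overriding Security Center."
        return @()
    }

    # The root key plus every per-product subkey (SymantecAntiVirus, SymantecFirewall, ...).
    $keys = @(Get-Item -Path $Root) + @(Get-ChildItem -Path $Root -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        $value = $key.GetValue('DisableMonitoring', $null)
        [pscustomobject]@{
            Key        = $key.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            Present    = ($null -ne $value)
            Value      = $value
            # A non-zero DisableMonitoring silences Security Center's monitoring
            # (and therefore its alerts) for that product category.
            Suppressed = ($null -ne $value) -and ([int]$value -ne 0)
        }
    }
}

# Any row with Suppressed = True is a value worth explaining before trusting
# the "protection is on" status shown by Security Center.
Get-SecurityCenterMonitoringState -Verbose | Format-Table -AutoSize
```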
     
  16. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    I still get the "blocked startup programs" message when I restart the computer, but I don't think I see anything too scary on the list of startup programs. I'm not sure how to tell if any of them are bad. I'm not getting redirected on Google. I don't see any obvious problems.
     
  17. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    I'd like to know the EXACT message, and... do you know what the source of that message is?
     
  18. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    There's an icon in the lower right for "blocked startup programs". When I double-click it, it gives me some options: "show or remove blocked startup programs", "run blocked program", help (which sends me to Windows help) or exit. The blocked program appears to be Malwarebytes Anti-Malware.
     
  19. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    I see. That would be this:
    Try "run blocked program" and it shouldn't bother you after the next restart.
     
  20. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    OTL logfile created on: 10/31/2010 10:57:53 PM - Run 2
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 391.00 Mb Available Physical Memory | 41.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.68 Gb Total Space | 28.68 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
    Drive D: | 8.11 Gb Total Space | 1.75 Gb Free Space | 21.60% Space Free | Partition Type: NTFS
    Drive F: | 1004.20 Mb Total Space | 972.86 Mb Free Space | 96.88% Space Free | Partition Type: FAT

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/31 21:55:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2010/10/22 16:19:35 | 002,100,544 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    PRC - [2010/07/22 23:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    PRC - [2010/07/03 10:56:27 | 000,353,600 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/12/04 14:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
    PRC - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/31 21:55:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/22 16:19:35 | 002,100,544 | ---- | M] (ContentWatch, Inc.) [Auto | Running] -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
    SRV - [2010/07/22 23:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)
    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/12/04 14:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
    SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/10/30 17:32:02 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/10/30 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/10/30 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/10/30 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/10/30 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101031.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/10/19 14:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101028.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2010/08/31 16:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/07/28 21:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/07/28 20:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\NAV\1201000.025\SRTSP.SYS -- (SRTSP)
    DRV - [2010/07/28 20:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/07/12 19:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2010/06/26 22:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\Ironx86.SYS -- (SymIRON)
    DRV - [2010/06/13 04:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SYMDS.SYS -- (SymDS)
    DRV - [2009/07/24 16:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2007/11/13 05:44:10 | 000,043,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tis_uvc_10015.sys -- (UVC)
    DRV - [2007/02/26 13:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/02/21 18:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/02/15 10:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/12 21:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/01/03 09:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2007/01/03 09:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/12/21 23:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 01:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 01:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/18 20:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006/10/18 05:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/10/18 05:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2006/10/18 05:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/08/04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.erieskies.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/30 17:34:15 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/10/31 20:44:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
    O4 - HKLM..\Run: [CWPhoenixApp] C:\Program Files\ContentWatch\Internet Protection\Updater\Phoenix.exe (ContentWatch, Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\cwalsp.dll (ContentWatch, Inc.)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.25 205.171.2.25
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper: C:\Users\Owner\Desktop\ryan bus.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/30 00:43:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/31 22:51:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\JavaRa
    [2010/10/31 22:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/10/31 21:55:04 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/10/31 20:49:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/31 20:49:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/31 20:28:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/31 20:28:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/31 20:28:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/31 20:28:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/31 20:27:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/31 20:27:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/31 19:36:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\NTBR_CD
    [2010/10/31 19:32:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\NTBR_CD
    [2010/10/31 13:58:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
    [2010/10/31 09:15:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Documents\TFC.exe
    [2010/10/30 23:26:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2010/10/30 23:25:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/10/30 23:25:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/10/30 23:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/30 23:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/30 22:57:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\tdsskiller
    [2010/10/30 21:35:12 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.46.exe
    [2010/10/30 17:35:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Symantec
    [2010/10/30 17:32:02 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2010/10/30 17:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/10/30 17:31:02 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\SymEFA.sys
    [2010/10/30 17:31:02 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\srtsp.sys
    [2010/10/30 17:31:02 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\SymDS.sys
    [2010/10/30 17:31:02 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\symtdiv.sys
    [2010/10/30 17:31:02 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\symnets.sys
    [2010/10/30 17:31:02 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\Ironx86.sys
    [2010/10/30 17:31:02 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1201000.025\srtspx.sys
    [2010/10/30 17:30:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
    [2010/10/30 17:30:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1201000.025
    [2010/10/30 17:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
    [2010/10/30 17:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2010/10/26 11:30:08 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Documents\TDSSKiller.exe
    [2010/10/23 03:03:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mozilla
    [2010/10/10 11:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

    ========== Files - Modified Within 30 Days ==========

    [2010/10/31 22:57:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0292EF70-F177-4E15-8028-F4A865A0A14B}.job
    [2010/10/31 22:51:01 | 000,205,540 | ---- | M] () -- C:\Users\Owner\Documents\JavaRa.zip
    [2010/10/31 22:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/31 22:28:16 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2010/10/31 22:26:43 | 000,013,025 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
    [2010/10/31 22:26:16 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4001749147-688493758-2348254775-1000UA.job
    [2010/10/31 22:25:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/31 22:25:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/31 22:25:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/31 22:25:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/31 22:25:41 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/31 21:55:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/10/31 21:26:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4001749147-688493758-2348254775-1000Core.job
    [2010/10/31 20:44:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/31 20:17:40 | 003,896,823 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/10/31 19:36:07 | 002,565,432 | ---- | M] () -- C:\Users\Owner\Desktop\NTBR_CD.exe
    [2010/10/31 13:58:49 | 000,000,162 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\dkfjasdfshd.bat
    [2010/10/31 10:34:25 | 000,085,504 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/10/31 09:24:17 | 000,626,176 | ---- | M] () -- C:\Users\Owner\Documents\dds.scr
    [2010/10/31 09:23:37 | 000,294,912 | ---- | M] () -- C:\Users\Owner\Documents\j6poz0es.exe
    [2010/10/31 09:16:49 | 000,294,912 | ---- | M] () -- C:\Users\Owner\Documents\qxhi09iu.exe
    [2010/10/31 09:15:05 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\TFC.exe
    [2010/10/30 23:25:44 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/30 22:57:46 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Documents\TDSSKiller.exe
    [2010/10/30 22:57:21 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Documents\MBRCheck.exe
    [2010/10/30 22:56:38 | 001,207,026 | ---- | M] () -- C:\Users\Owner\Documents\tdsskiller.zip
    [2010/10/30 21:35:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.46.exe
    [2010/10/30 21:27:06 | 000,294,400 | ---- | M] () -- C:\Users\Owner\Desktop\exeHelper.com
    [2010/10/30 21:23:55 | 000,364,032 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.com
    [2010/10/30 21:16:54 | 000,316,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/30 21:16:54 | 000,110,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/30 17:33:16 | 002,154,466 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1201000.025\Cat.DB
    [2010/10/30 17:32:02 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2010/10/30 17:32:02 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2010/10/30 17:32:02 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2010/10/30 17:31:20 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2010/10/30 17:31:04 | 000,000,883 | ---- | M] () -- C:\Users\Owner\Desktop\Norton Installation Files.lnk
    [2010/10/30 17:29:19 | 000,000,029 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\boot.bat
    [2010/10/30 13:34:50 | 000,013,025 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
    [2010/10/23 04:04:43 | 000,352,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/10 09:19:06 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job

    ========== Files Created - No Company Name ==========

    [2010/10/31 22:51:00 | 000,205,540 | ---- | C] () -- C:\Users\Owner\Documents\JavaRa.zip
    [2010/10/31 20:28:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/31 20:28:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/31 20:28:47 | 000,085,504 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/31 20:28:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/31 20:28:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/31 20:17:40 | 003,896,823 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/10/31 19:36:07 | 002,565,432 | ---- | C] () -- C:\Users\Owner\Desktop\NTBR_CD.exe
    [2010/10/31 09:24:05 | 000,626,176 | ---- | C] () -- C:\Users\Owner\Documents\dds.scr
    [2010/10/31 09:23:33 | 000,294,912 | ---- | C] () -- C:\Users\Owner\Documents\j6poz0es.exe
    [2010/10/31 09:16:47 | 000,294,912 | ---- | C] () -- C:\Users\Owner\Documents\qxhi09iu.exe
    [2010/10/30 23:25:44 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/30 22:57:21 | 000,080,384 | ---- | C] () -- C:\Users\Owner\Documents\MBRCheck.exe
    [2010/10/30 22:56:36 | 001,207,026 | ---- | C] () -- C:\Users\Owner\Documents\tdsskiller.zip
    [2010/10/30 21:27:06 | 000,294,400 | ---- | C] () -- C:\Users\Owner\Desktop\exeHelper.com
    [2010/10/30 21:23:46 | 000,364,032 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.com
    [2010/10/30 17:32:07 | 002,154,466 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\Cat.DB
    [2010/10/30 17:32:02 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2010/10/30 17:32:02 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2010/10/30 17:31:20 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2010/10/30 17:30:31 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymEFA.inf
    [2010/10/30 17:30:31 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymDS.inf
    [2010/10/30 17:30:31 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymNetV.inf
    [2010/10/30 17:30:31 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymNet.inf
    [2010/10/30 17:30:31 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\srtspx.inf
    [2010/10/30 17:30:31 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\srtsp.inf
    [2010/10/30 17:30:31 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\Iron.inf
    [2010/10/30 17:30:25 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\symnetv.cat
    [2010/10/30 17:30:25 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymNet.cat
    [2010/10/30 17:30:25 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymEFA.cat
    [2010/10/30 17:30:25 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\srtspx.cat
    [2010/10/30 17:30:25 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\SymDS.cat
    [2010/10/30 17:30:25 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\srtsp.cat
    [2010/10/30 17:30:25 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\iron.cat
    [2010/10/30 17:30:25 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1201000.025\isolate.ini
    [2010/10/30 17:29:19 | 000,000,029 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\boot.bat
    [2010/10/30 15:07:05 | 000,000,883 | ---- | C] () -- C:\Users\Owner\Desktop\Norton Installation Files.lnk
    [2010/10/30 14:37:34 | 000,000,162 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\dkfjasdfshd.bat
    [2010/02/09 22:32:40 | 000,975,872 | ---- | C] () -- C:\Windows\System32\libxml2_CW.dll
    [2010/02/09 22:32:40 | 000,151,552 | ---- | C] () -- C:\Windows\System32\libexpat.dll
    [2010/02/09 22:32:37 | 001,073,152 | ---- | C] () -- C:\Windows\System32\wxcode_msw28u_wxcurl_CW.dll
    [2010/02/09 22:32:37 | 000,524,288 | ---- | C] () -- C:\Windows\System32\wxmsw28u_xrc_vc_CW.dll
    [2010/02/09 22:32:37 | 000,499,712 | ---- | C] () -- C:\Windows\System32\wxmsw28u_html_vc_CW.dll
    [2010/02/09 22:32:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\wxmsw28u_media_vc_CW.dll
    [2010/02/09 22:32:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\wxcode_msw28u_wxjson_CW.dll
    [2010/02/09 22:32:36 | 002,916,352 | ---- | C] () -- C:\Windows\System32\wxmsw28u_core_vc_CW.dll
    [2010/02/09 22:32:36 | 001,236,992 | ---- | C] () -- C:\Windows\System32\wxbase28u_vc_CW.dll
    [2010/02/09 22:32:36 | 000,716,800 | ---- | C] () -- C:\Windows\System32\wxmsw28u_adv_vc_CW.dll
    [2010/02/09 22:32:36 | 000,135,168 | ---- | C] () -- C:\Windows\System32\wxbase28u_xml_vc_CW.dll
    [2010/02/09 22:32:36 | 000,135,168 | ---- | C] () -- C:\Windows\System32\wxbase28u_net_vc_CW.dll
    [2009/12/30 19:30:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/09/24 08:56:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/03/20 16:42:37 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2008/04/05 17:30:44 | 000,015,360 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/30 15:07:53 | 000,147,968 | ---- | C] () -- C:\Windows\System32\DeBayerTransform.dll
    [2008/03/30 15:07:53 | 000,043,776 | ---- | C] () -- C:\Windows\System32\drivers\tis_uvc_10015.sys
    [2008/03/30 15:07:53 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drvcoinst2.dll
    [2008/03/30 15:07:52 | 000,174,592 | ---- | C] () -- C:\Windows\System32\uvc_page_x86.dll
    [2007/12/26 16:07:52 | 000,013,025 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
    [2007/12/26 13:45:37 | 000,013,025 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
    [2007/11/19 15:41:48 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
    [2007/11/19 15:41:48 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
    [2007/11/19 15:41:48 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
    [2007/04/30 00:28:25 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/02/27 14:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/14 00:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/14 00:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2008/03/30 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IC Capture.AS 2.0
    [2009/06/26 12:49:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies
    [2007/12/31 11:03:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
    [2009/12/09 22:34:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
    [2008/04/13 08:28:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
    [2010/10/31 22:24:11 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/10/31 22:57:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0292EF70-F177-4E15-8028-F4A865A0A14B}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found. >

    < O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. >

    < O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) >
    Invalid Switch: ultrashim.cab (Reg Error: Key error.)


    < O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
    Invalid Switch: gp.cab (Reg Error: Key error.)


    < O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found >

    < >

    < >

    < :Services >

    < >

    < :Reg >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] >

    < "DisableMonitoring" =- >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] >

    < "DisableMonitoring" =- >

    < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] >

    < "DisableMonitoring" =- >

    < >

    < :Files >

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyflash] >

    < [Reboot] >

    < End of report >
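As an added example (not part of the thread, and not OTL's own code): a small Python triage script that parses OTL file-list lines in the format used throughout the log above and flags recent entries with no company name, a runnable extension, and a location under AppData or ProgramData, the pattern behind entries such as dkfjasdfshd.bat and boot.bat. The sample lines are copied from this log; the scan time, the three-day window and the directory/extension lists are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One OTL "Files Created/Modified" entry, e.g.
# [2010/10/31 13:58:49 | 000,000,162 | ---- | M] () -- C:\...\dkfjasdfshd.bat
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str      # e.g. "R---" read-only, "-H--" hidden, "---D" directory
    kind: str       # "C" = created, "M" = modified
    company: str    # empty when OTL shows "()" or nothing at all
    path: str

def parse_otl_line(line):
    """Parse one file-list line; returns None for headers, blanks or other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )

# Assumed triage heuristics: recent, no company name, runnable extension,
# and living in a per-user or ProgramData location rather than System32.
SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\")
SUSPECT_EXTS = (".exe", ".bat", ".cmd", ".scr", ".dll", ".vbs", ".com")

def flag_entries(lines, scan_time, window_days=3):
    """Return paths from the log worth a closer look, in log order."""
    cutoff = scan_time - timedelta(days=window_days)
    flagged = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None or "D" in e.attrs or e.ts < cutoff:
            continue          # not a file entry, a directory, or too old
        p = e.path.lower()
        if e.company or not p.endswith(SUSPECT_EXTS):
            continue          # vendor-named or not something that runs
        if any(d in p for d in SUSPECT_DIRS):
            flagged.append(e.path)
    return flagged

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = [
    r"[2010/10/31 13:58:49 | 000,000,162 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\dkfjasdfshd.bat",
    r"[2010/10/31 09:15:05 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\TFC.exe",
    r"[2010/10/31 20:17:40 | 003,896,823 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe",
    r"[2010/10/30 17:32:02 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS",
    r"[2010/10/30 17:29:19 | 000,000,029 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\boot.bat",
    r"[2010/10/30 13:34:50 | 000,013,025 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat",
    r"[2008/03/30 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IC Capture.AS 2.0",
]
SCAN_TIME = datetime(2010, 10, 31, 23, 0, 0)   # assumed time the OTL scan ran

def triage():
    """Run the heuristics over the constructed sample."""
    return flag_entries(SAMPLE_LOG, SCAN_TIME)
```

On the sample, `triage()` returns only the two AppData\Roaming batch files; ComboFix.exe (Desktop) and the vendor-named Symantec and OldTimer entries are left alone.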
     
  21. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton AntiVirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 8.1.7
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ````````````````````````````````
    DNS Vulnerability Check:


    ``````````End of Log````````````
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

  23. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    You posted wrong OTL log.
    I suppose you pressed the "Scan" button instead of the "Fix" button.
    Please, re-run OTL fix from my reply #15 and post a fix log, not scan log.

    You didn't follow another instruction from the same reply, regarding running JavaRa to remove old Java versions.

    Please, pay better attention.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:
    make sure you have both boxes UN-checked AND (important!) click on the Decline button.

    When done with EVERYTHING....

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  24. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's the correct OTL log. Sorry about that. Not sure what happened with the JavaRa deal. I know I ran it yesterday. Perhaps it didn't finish or had an error and I didn't realize it.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 10654768 bytes
    ->Temporary Internet Files folder emptied: 29113644 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 944 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 90 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 38.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.2 log created on 11012010_185028

    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Temp\ehmsas.txt moved successfully.
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF6646.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF6654.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF6680.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF668E.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF66C8.tmp not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF66D6.tmp not found!
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VXILL4RI\activex[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN96DQHB\sh26[1].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN96DQHB\style-nurse[1].htc moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NN284JPE\topic155853[2].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3C6SBWV\6747404[1].htm moved successfully.

    Registry entries deleted on Reboot...
     
  25. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Regarding Java, just make sure these two are uninstalled:
    Give me a final word, when done with everything...
     