Solved Trojan horses found by virus software but not removed - 8 steps done

[HydePryde]

Hi everyone - I thought I was doing what I was supposed to do as far as keeping my PC safe, but apparently not. My PC got slower and slower (even though I had Symantec Endpoint Protection running constantly), so I finally used Symantec to do a full scan. It came up with multiple viruses, but it was able to deal with most of those. However, it found a couple more today that it can't get rid of or quarantine. Here's an image of the viruses that Symantec found and what it did with them.
http://www.screencast.com/t/kubSWv5um
I'm also wondering if this might be related to the fact that I have this in my recovery drive:
http://www.screencast.com/t/GfjURZeoeM
When I upgraded to Windows 7 from Vista, did I somehow install into the wrong drive? If I did that, would it mean that a bunch of files that need to be monitored/scanned regularly aren't being monitored/scanned because they're on a different drive?
I'm also running into an issue that may or may not be related to these viruses where Firefox crashes constantly (I have uninstalled it, reinstalled it, and updated to Firefox 4) and also takes FOREVER to open. As in, I click the Firefox icon and wait 5-10 minutes for it to open, and sometimes even then it never does. So, of course, I get all impatient with it and click it 4 or 5 times over the course of that 10 minutes, and when it finally opens it opens 4 or 5 windows. Perhaps totally unrelated to the viruses, but I'm including that info just in case.
Thanks in advance for the help; I think I have just enough knowledge to be dangerous, so I'm afraid of screwing things up if I try to fix anything myself.
I followed the 8 steps to the best of my ability, and here are the logs. Let me know if I screwed something up and I'll do it again:

Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6202

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/29/2011 9:08:39 AM
mbam-log-2011-03-29 (09-08-39).txt

Scan type: Quick scan
Objects scanned: 164321
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-29 10:33:47
Windows 6.1.7600
Running: 0oettx48.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269be3c19
Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?STacS
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269be3c19 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?STacS

---- EOF - GMER 1.0.15 ----

DDS:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Corinne at 10:36:50.63 on Tue 03/29/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2525 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Users\Corinne\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\OEM02Mon.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\splwow64.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Corinne\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Corinne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Corinne\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Corinne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli psqlpwd
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray64.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
mRun-x64: [PLF1330] C:\Windows\PLF1330.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Corinne\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Corinne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Corinne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-12 55856]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2009-12-28 86016]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-12-25 1839776]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-10-12 5556520]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-10-12 127784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-10 132656]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-29 136176]
S3 phaudlwr;Philips Audio Filter;C:\Windows\System32\drivers\phaudlwr.sys [2008-5-7 113664]
S3 SPC1330;USB2.0 PC Camera (SPC1330);C:\Windows\System32\drivers\spc1330.sys [2008-8-28 3297920]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-10-12 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-26 1255736]
.
=============== Created Last 30 ================
.
2011-03-29 14:15:24 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-03-27 18:29:43 -------- d-----w- C:\Windows\pss
2011-03-27 03:12:23 -------- d-----w- C:\Tools
2011-03-27 03:12:22 -------- d-----w- C:\sources
2011-03-27 02:39:01 -------- d-----w- C:\Users\Corinne\AppData\Roaming\Auslogics
2011-03-27 02:38:36 -------- d-----w- C:\Program Files (x86)\Auslogics
2011-03-27 02:13:02 -------- d-----w- C:\Windows\en
2011-03-27 02:10:22 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-03-27 02:10:22 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-03-27 02:10:19 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-03-27 02:10:19 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-03-27 02:09:58 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\116f481f1cbec2407\DSETUP.dll
2011-03-27 02:09:58 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\116f481f1cbec2407\DXSETUP.exe
2011-03-27 02:09:58 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\116f481f1cbec2407\dsetup32.dll
2011-03-27 02:09:54 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fff8b041cbec2406\DSETUP.dll
2011-03-27 02:09:54 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fff8b041cbec2406\DXSETUP.exe
2011-03-27 02:09:54 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fff8b041cbec2406\dsetup32.dll
2011-03-27 02:09:36 -------- d-----w- C:\Users\Corinne\AppData\Local\Windows Live
2011-03-25 17:00:22 453456 ----a-w- C:\Windows\SysWow64\d3dx10_41.dll
2011-03-25 17:00:22 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-03-25 17:00:22 1846632 ----a-w- C:\Windows\SysWow64\D3DCompiler_41.dll
2011-03-25 17:00:21 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2011-03-25 17:00:21 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
2011-03-25 17:00:17 -------- d-----w- C:\Program Files (x86)\Lightworks
2011-03-25 16:48:33 2851328 ----a-w- C:\Windows\System32\themeui.dll.backup
2011-03-25 16:48:32 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2011-03-25 16:48:31 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2011-03-20 00:05:00 -------- d-----w- C:\Users\Corinne\AppData\Local\Easy CD-DA Extractor
2011-03-20 00:04:50 -------- d-----w- C:\PROGRA~3\Easy CD-DA Extractor
2011-03-20 00:04:47 -------- d-----w- C:\Program Files\Easy CD-DA Extractor 2010
2011-03-19 22:32:53 -------- d-----w- C:\Users\Corinne\AppData\Local\FLVService
2011-03-19 22:32:42 -------- d-----w- C:\Windows\Freecorder
2011-03-19 22:31:12 -------- d-----w- C:\Program Files\iPod
2011-03-19 22:31:07 -------- d-----w- C:\Program Files\iTunes
2011-03-19 22:28:18 -------- d-----w- C:\Program Files (x86)\ConvertHelper
2011-03-19 22:26:42 -------- d-----w- C:\Users\Corinne\dwhelper
2011-03-18 15:17:44 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-18 15:17:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-18 15:17:42 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-18 15:17:41 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-18 15:17:40 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-18 15:17:39 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-18 15:17:38 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-18 15:17:37 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-18 15:17:33 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-18 15:17:33 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-18 15:17:32 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-18 15:17:32 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 12:37:22 -------- d-----w- C:\Users\Corinne\AppData\Roaming\crawl
2011-03-09 12:35:14 -------- d-----w- C:\Program Files (x86)\Crawl
2011-03-08 00:33:12 -------- d-----w- C:\Users\Corinne\AppData\Local\Evernote
2011-03-08 00:32:01 -------- d-----w- C:\Program Files (x86)\Evernote
2011-03-05 02:29:18 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-05 02:23:10 -------- d-----w- C:\Program Files\Bonjour
2011-03-05 02:23:10 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-03-03 23:18:11 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-03-03 23:18:04 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
.
==================== Find3M ====================
.
2011-03-29 14:17:49 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-25 16:48:33 2851328 ----a-w- C:\Windows\System32\themeui.dll
2011-03-25 16:48:32 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-03-25 16:48:31 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-02-18 22:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 22:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:07:24 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 08:07:24 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:31:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 10:37:54.82 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/27/2009 1:33:49 PM
System Uptime: 3/29/2011 8:55:58 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0U8042
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | Microprocessor | 2101/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 81.563 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.054 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: HID-compliant mouse
Device ID: HID\VID_0A5C&PID_4503&COL01\7&2000BAC2&0&0000
Manufacturer: Microsoft
Name: HID-compliant mouse
PNP Device ID: HID\VID_0A5C&PID_4503&COL01\7&2000BAC2&0&0000
Service: mouhid
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop Elements 7.0
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
Bamboo
Barnes & Noble Desktop Reader
CamStudio
Character Builder
ConvertHelper 2.2
Cubis Gold 2
D3DX10
Dell Driver Download Manager
DivX Setup
Dropbox
Dungeon Crawl Stone Soup
Easy CD-DA Extractor 2010
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EpsonNet Print
EpsonNet Setup
Evernote v. 4.2.3
Foxit Reader
Google Apps
Google Chrome
Google Talk Plugin
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 24
Jing
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozaki Blocks Deluxe
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
Pdf995
Picasa 3
QuickTime
RICOH R5C83x/84x Media Driver Ver.3.53.02
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SigmaTel Audio
Skype™ 5.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplink Demo (remove only)
VC80CRTRedist - 8.0.50727.4053
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
XPS2OneNote
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
3/29/2011 8:52:50 AM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
3/29/2011 8:52:50 AM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
3/29/2011 1:29:07 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
3/27/2011 10:45:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WTouchService service.
3/26/2011 9:35:14 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
3/26/2011 8:22:38 PM, Error: Service Control Manager [7034] - The Amazon Unbox Video Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2011 11:54:53 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
3/25/2011 3:45:23 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[HydePryde]

Hi Broni! Thanks so much for the help! I ran both programs, and I'm pasting the log files below. When ComboFix restarted my computer, my antivirus programs automatically re-enabled themselves before ComboFix created the log file. Is that ok?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1330
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 175):
0x02C17000 \SystemRoot\system32\ntoskrnl.exe
0x031F4000 \SystemRoot\system32\hal.dll
0x00BB1000 \SystemRoot\system32\kdcom.dll
0x00C5C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CA0000 \SystemRoot\system32\PSHED.dll
0x00CB4000 \SystemRoot\system32\CLFS.SYS
0x00D12000 \SystemRoot\system32\CI.dll
0x00E86000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F2A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F39000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F90000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F99000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FA3000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FD6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FE3000 \SystemRoot\System32\drivers\partmgr.sys
0x00E00000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E09000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E15000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF8000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00DD2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DE2000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C00000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C09000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C33000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00C3E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01017000 \SystemRoot\system32\drivers\fltmgr.sys
0x01063000 \SystemRoot\system32\drivers\fileinfo.sys
0x01077000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01204000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01084000 \SystemRoot\System32\Drivers\msrpc.sys
0x013A7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010E2000 \SystemRoot\System32\Drivers\cng.sys
0x013C1000 \SystemRoot\System32\drivers\pcw.sys
0x013D2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01463000 \SystemRoot\system32\drivers\ndis.sys
0x01555000 \SystemRoot\system32\drivers\NETIO.SYS
0x015B5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01603000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01155000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0144A000 \SystemRoot\System32\Drivers\spldr.sys
0x011A1000 \SystemRoot\System32\drivers\rdyboost.sys
0x015E0000 \SystemRoot\System32\Drivers\mup.sys
0x015F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01848000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01882000 \SystemRoot\system32\DRIVERS\disk.sys
0x01898000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01900000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0192A000 \SystemRoot\System32\Drivers\SRTSP64.SYS
0x02C00000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x019C0000 \SystemRoot\System32\Drivers\SRTSPX64.SYS
0x02DF4000 \SystemRoot\System32\Drivers\Null.SYS
0x019D4000 \SystemRoot\System32\Drivers\Beep.SYS
0x019DB000 \SystemRoot\System32\drivers\vga.sys
0x01800000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01825000 \SystemRoot\System32\drivers\watchdog.sys
0x01835000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0183E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019E9000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019F2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01452000 \SystemRoot\System32\Drivers\Npfs.SYS
0x013DC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011DB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A6C000 \SystemRoot\system32\drivers\afd.sys
0x03AF6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B3B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B44000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B6A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B80000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B8F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BAA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03C8E000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x03D04000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x03D29000 \SystemRoot\System32\drivers\discache.sys
0x03D38000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D56000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03D67000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03D8D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04879000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03E4D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03F41000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03F87000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03F94000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03FEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0401B000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x042C3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x042D0000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x04318000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04356000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x04376000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x0438A000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x043A1000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x03E24000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04000000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x051C2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x051D1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0400F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03E42000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x051DE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04014000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x04800000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04819000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04822000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04838000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0485C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03DA3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03DD2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03C00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03C21000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04017000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03C3B000 \SystemRoot\system32\DRIVERS\ks.sys
0x051EE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05604000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0565E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0566B000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x05673000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05688000 \SystemRoot\system32\drivers\stwrt64.sys
0x056EC000 \SystemRoot\system32\drivers\portcls.sys
0x05729000 \SystemRoot\system32\drivers\drmk.sys
0x0574B000 \SystemRoot\system32\drivers\ksthunk.sys
0x05751000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0575F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0576B000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x05776000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05789000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x057A6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x057A8000 \SystemRoot\System32\Drivers\usbvideo.sys
0x057D6000 \SystemRoot\system32\drivers\usbaudio.sys
0x03BBE000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x0606F000 \SystemRoot\System32\Drivers\bthport.sys
0x060FB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06109000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
0x06115000 \SystemRoot\System32\Drivers\tcusb.sys
0x06128000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06136000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x06178000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x06181000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x061AD000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x061BD000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x061DD000 \SystemRoot\System32\drivers\Dxapi.sys
0x061E9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00580000 \SystemRoot\System32\TSDDD.dll
0x00740000 \SystemRoot\System32\cdd.dll
0x06000000 \SystemRoot\system32\drivers\luafv.sys
0x06023000 \SystemRoot\system32\drivers\WudfPf.sys
0x06044000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06CE0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06D33000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06D46000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06D5E000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x06C00000 \SystemRoot\system32\drivers\HTTP.sys
0x06D68000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06D86000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06D9E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06E28000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06E76000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06E99000 \SystemRoot\system32\drivers\peauth.sys
0x06F3F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06F4A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06F77000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06F89000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07896000 \SystemRoot\System32\DRIVERS\srv.sys
0x0792C000 \SystemRoot\System32\Drivers\fastfat.SYS
0x02C36000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110329.040\EX64.SYS
0x07800000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110329.040\ENG64.SYS
0x07820000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77360000 \Windows\System32\ntdll.dll
0x48270000 \Windows\System32\smss.exe
0xFF680000 \Windows\System32\apisetschema.dll

Processes (total 82):
0 System Idle Process
4 System
228 C:\Windows\System32\smss.exe
376 csrss.exe
436 csrss.exe
444 C:\Windows\System32\wininit.exe
492 C:\Windows\System32\winlogon.exe
536 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\svchost.exe
728 C:\Windows\System32\nvvsvc.exe
764 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\rundll32.exe
1008 C:\Program Files\WTouch\WTouchService.exe
1032 C:\Windows\System32\wisptis.exe
1248 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
1404 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
1624 C:\Windows\System32\svchost.exe
1704 C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
1924 C:\Windows\System32\spoolsv.exe
1188 C:\Windows\System32\svchost.exe
1460 C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
2056 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
2112 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
2136 C:\Windows\SysWOW64\svchost.exe
2156 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2184 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2220 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
2264 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
2284 C:\Windows\System32\svchost.exe
2332 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\stacsv64.exe
2384 C:\Windows\System32\svchost.exe
2484 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
2552 C:\Windows\System32\Pen_Tablet.exe
2624 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2784 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3012 C:\Windows\System32\taskhost.exe
2468 C:\Windows\System32\wisptis.exe
2764 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1128 C:\Program Files\WTouch\WTouchUser.exe
1140 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
3316 C:\Windows\System32\WTablet\Pen_TabletUser.exe
3352 C:\Windows\System32\Pen_Tablet.exe
3596 C:\Windows\System32\svchost.exe
3692 C:\Windows\System32\svchost.exe
3940 C:\Windows\System32\rundll32.exe
2752 C:\Windows\System32\dwm.exe
1804 C:\Windows\explorer.exe
4048 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
3572 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
1568 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
3484 C:\Windows\System32\rundll32.exe
3184 C:\Windows\System32\rundll32.exe
3812 C:\Program Files (x86)\TechSmith\Jing\Jing.exe
4032 C:\Windows\System32\StikyNot.exe
3068 C:\Users\Corinne\AppData\Roaming\Dropbox\bin\Dropbox.exe
4148 C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
4176 C:\Windows\OEM02Mon.exe
4200 C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
4272 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4372 C:\Windows\System32\SearchIndexer.exe
4748 C:\Program Files\Windows Media Player\wmpnetwk.exe
2324 C:\Windows\System32\svchost.exe
1304 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4644 dllhost.exe
1808 C:\Windows\System32\svchost.exe
3888 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
2732 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3584 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4212 C:\Windows\System32\svchost.exe
3772 C:\Windows\splwow64.exe
2036 C:\Windows\System32\SearchProtocolHost.exe
384 C:\Windows\System32\SearchFilterHost.exe
1072 C:\Windows\System32\audiodg.exe
4896 C:\Users\Corinne\Desktop\MBRCheck.exe
4428 C:\Windows\System32\conhost.exe
3292 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`85f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`05f00000 (NTFS)

PhysicalDrive0 Model Number: ST9320320AS, Rev: DE04

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ComboFix 11-03-29.05 - Corinne 03/30/2011 8:20.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2627 [GMT -5:00]
Running from: c:\users\Corinne\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
.
.
2011-03-30 13:30 . 2011-03-30 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-30 13:16 . 2011-03-30 13:16 -------- d-----w- C:\32788R22FWJFW
2011-03-29 14:18 . 2011-03-29 14:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-29 14:15 . 2011-03-29 14:15 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-29 14:15 . 2011-03-29 14:15 -------- d-----w- c:\program files\Java
2011-03-27 03:12 . 2011-03-27 03:12 -------- d-----w- C:\Tools
2011-03-27 03:12 . 2011-03-27 03:12 -------- d-----w- C:\sources
2011-03-27 02:39 . 2011-03-27 02:39 -------- d-----w- c:\users\Corinne\AppData\Roaming\Auslogics
2011-03-27 02:38 . 2011-03-27 02:38 -------- d-----w- c:\program files (x86)\Auslogics
2011-03-27 02:13 . 2011-03-27 02:13 -------- d-----w- c:\windows\en
2011-03-27 02:10 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-03-27 02:10 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-03-27 02:10 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-03-27 02:10 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-27 02:09 . 2011-03-27 02:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\116f481f1cbec2407\DSETUP.dll
2011-03-27 02:09 . 2011-03-27 02:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\116f481f1cbec2407\DXSETUP.exe
2011-03-27 02:09 . 2011-03-27 02:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\116f481f1cbec2407\dsetup32.dll
2011-03-27 02:09 . 2011-03-27 02:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fff8b041cbec2406\DSETUP.dll
2011-03-27 02:09 . 2011-03-27 02:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fff8b041cbec2406\DXSETUP.exe
2011-03-27 02:09 . 2011-03-27 02:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fff8b041cbec2406\dsetup32.dll
2011-03-27 02:09 . 2011-03-27 02:09 -------- d-----w- c:\users\Corinne\AppData\Local\Windows Live
2011-03-25 17:00 . 2009-03-09 20:27 453456 ----a-w- c:\windows\SysWow64\d3dx10_41.dll
2011-03-25 17:00 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2011-03-25 17:00 . 2009-03-09 20:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll
2011-03-25 17:00 . 2009-03-16 19:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll
2011-03-25 17:00 . 2009-03-16 19:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll
2011-03-25 17:00 . 2011-03-25 17:00 -------- d-----w- c:\program files (x86)\Lightworks
2011-03-25 16:48 . 2009-07-14 01:41 2851328 ----a-w- c:\windows\system32\themeui.dll.backup
2011-03-25 16:48 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-03-25 16:48 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-03-20 00:05 . 2011-03-20 00:05 -------- d-----w- c:\users\Corinne\AppData\Local\Easy CD-DA Extractor
2011-03-20 00:04 . 2011-03-20 00:04 -------- d-----w- c:\programdata\Easy CD-DA Extractor
2011-03-20 00:04 . 2011-03-20 00:04 -------- d-----w- c:\program files\Easy CD-DA Extractor 2010
2011-03-19 22:32 . 2011-03-25 18:19 -------- d-----w- c:\users\Corinne\AppData\Local\FLVService
2011-03-19 22:32 . 2011-03-19 22:32 -------- d-----w- c:\windows\Freecorder
2011-03-19 22:31 . 2011-03-19 22:31 -------- d-----w- c:\program files\iPod
2011-03-19 22:31 . 2011-03-19 22:32 -------- d-----w- c:\program files\iTunes
2011-03-19 22:28 . 2011-03-19 22:28 -------- d-----w- c:\program files (x86)\ConvertHelper
2011-03-19 22:26 . 2011-03-19 22:26 -------- d-----w- c:\users\Corinne\dwhelper
2011-03-18 15:17 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-18 15:17 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-18 15:17 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-18 15:17 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-18 15:17 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-18 15:17 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-18 15:17 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-18 15:17 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-18 15:17 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-18 15:17 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-18 15:17 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-18 15:17 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 12:37 . 2011-03-09 12:37 -------- d-----w- c:\users\Corinne\AppData\Roaming\crawl
2011-03-09 12:35 . 2011-03-09 12:35 -------- d-----w- c:\program files (x86)\Crawl
2011-03-08 00:33 . 2011-03-08 00:33 -------- d-----w- c:\users\Corinne\AppData\Local\Evernote
2011-03-08 00:32 . 2011-03-08 00:32 -------- d-----w- c:\program files (x86)\Evernote
2011-03-05 02:29 . 2011-03-19 22:32 -------- d-----w- c:\program files (x86)\iTunes
2011-03-05 02:23 . 2011-03-05 02:23 -------- d-----w- c:\program files\Bonjour
2011-03-05 02:23 . 2011-03-05 02:23 -------- d-----w- c:\program files (x86)\Bonjour
2011-03-03 23:18 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-03 23:18 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-29 14:17 . 2010-06-18 15:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-27 07:56 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-25 16:48 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2011-03-25 16:48 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-03-25 16:48 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-02-18 22:36 . 2011-02-18 22:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 22:36 . 2011-02-18 22:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-26 06:53 . 2011-02-09 21:21 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 21:21 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 21:21 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-07 08:07 . 2011-02-23 14:29 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 08:07 . 2011-02-23 14:29 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 08:06 . 2011-02-09 21:21 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:31 . 2011-02-23 14:29 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 14:29 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 21:21 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 21:21 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 21:21 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 21:21 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 21:21 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 21:22 3127808 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[-] 2009-10-31 . 3623CD5F2FC258979EC1778177353389 . 2870272 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Corinne\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Corinne\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Corinne\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-12-26 115560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Corinne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Corinne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-3-7 969216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [x]
R3 SPC1330;USB2.0 PC Camera (SPC1330);c:\windows\system32\DRIVERS\spc1330.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2007-09-20 86016]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-16 132656]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 17:35]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 17:35]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709303148-4094869866-1168905991-1000Core.job
- c:\users\Corinne\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 22:27]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2709303148-4094869866-1168905991-1000UA.job
- c:\users\Corinne\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-27 22:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Corinne\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Corinne\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Corinne\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 21:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 21:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF14103.cfxxe" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-04 15872032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-04 82464]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-04 89120]
"PLF1330"="c:\windows\PLF1330.exe" [2008-07-10 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
FF - ProfilePath - c:\users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-Symantec Antvirus
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Adobe Acrobat Connect Add-in - c:\users\Corinne\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
.
**************************************************************************
.
Completion time: 2011-03-30 08:43:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-30 13:43
.
Pre-Run: 87,498,022,912 bytes free
Post-Run: 87,241,342,976 bytes free
.
- - End Of File - - BE4AB1FE0BA0F86B2985663E1DEA3267

 

[Broni]

You did fine

So far, all looks clean.

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[HydePryde]

Well, it won't let me paste them because it says that "The text you have entered is too long," so I'm attaching a Word file with the text of both logs. Thanks

 

[Broni]

No, split the log between couple of replies.

 

[HydePryde]

I tried that the first time around but just the first log by itself is too long. I'm just going to put the first little piece of the first log file here, then do separate posts for the rest.

OTL logfile created on: 3/30/2011 5:47:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Corinne\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

[HydePryde]

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.50 Gb Total Space | 80.72 Gb Free Space | 28.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.05 Gb Free Space | 0.54% Space Free | Partition Type: NTFS

Computer Name: CORINNE-PC | User Name: Corinne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 17:46:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Corinne\Desktop\OTL.exe
PRC - [2010/12/25 20:30:41 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/12/25 20:30:39 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/12/25 20:30:08 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/12/25 20:30:07 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/08/19 16:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Jing\Jing.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Corinne\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/03/30 17:46:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Corinne\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/23 18:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 18:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/02/15 18:25:42 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\stacsv64.exe -- (STacSV)
SRV:64bit: - [2007/09/20 15:31:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe -- (AESTFilters)
SRV - [2011/03/29 18:11:45 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010/12/25 20:30:41 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/12/25 20:30:41 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/12/25 20:30:16 | 003,249,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/12/25 20:30:10 | 000,428,912 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/12/25 20:30:08 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/10/12 13:16:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/07 17:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/25 20:34:16 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/12/25 20:30:44 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/12/25 20:30:44 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/12/25 20:30:43 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/08/27 17:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/07/24 01:11:08 | 000,063,504 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 13:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/08/28 03:09:58 | 003,297,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spc1330.sys -- (SPC1330) USB2.0 PC Camera (SPC1330)
DRV:64bit: - [2008/05/07 10:40:14 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2008/02/15 18:27:02 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/10/10 17:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2007/03/26 19:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 12:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/03/05 10:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2007/02/27 16:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/02/16 13:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011/03/19 13:21:52 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110330.003\EX64.SYS -- (NAVEX15)
DRV - [2011/03/19 13:21:51 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110330.003\ENG64.SYS -- (NAVENG)
DRV - [2010/12/25 20:30:44 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/12/25 20:30:44 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2010/12/25 20:30:43 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/09/16 13:48:02 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/16 13:48:02 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2709303148-4094869866-1168905991-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2709303148-4094869866-1168905991-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB F6 D8 B2 FC C6 CB 01 [binary data]
IE - HKU\S-1-5-21-2709303148-4094869866-1168905991-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2709303148-4094869866-1168905991-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {21b88860-5e00-44dd-bdac-fca1f791837e}:0.2.0.8
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.1.3

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/27 03:08:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/22 13:01:48 | 000,000,000 | ---D | M]

[2010/06/26 20:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Extensions
[2011/03/27 03:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions
[2011/03/04 23:41:01 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/08/04 13:02:11 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/03/19 13:21:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/26 20:00:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 13:21:42 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/04 23:41:13 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/19 13:21:43 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/10/28 13:00:58 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\activegs@freetoolsassociation.com
[2011/03/04 23:41:05 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\canitbecheaper@trafficbroker.co.uk
[2011/03/19 13:21:43 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Corinne\AppData\Roaming\Mozilla\Firefox\Profiles\0m3ep9ul.default\extensions\personas@christopher.beard
[2011/03/29 18:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/29 09:18:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\CORINNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0M3EP9UL.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\CORINNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0M3EP9UL.DEFAULT\EXTENSIONS\FIREFOX-EXTENSION@SHAREAHOLIC.COM.XPI
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/03/29 09:17:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/30 08:37:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLF1330] C:\Windows\PLF1330.exe (sonix)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2709303148-4094869866-1168905991-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - Startup: C:\Users\Corinne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Corinne\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Corinne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2709303148-4094869866-1168905991-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2709303148-4094869866-1168905991-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 17:45:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Corinne\Desktop\OTL.exe
[2011/03/30 09:11:30 | 000,000,000 | ---D | C] -- C:\Users\Corinne\AppData\Roaming\SystemRequirementsLab
[2011/03/30 08:43:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/30 08:17:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/30 08:17:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/30 08:17:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/30 08:16:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/30 08:16:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/30 08:16:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/30 08:16:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/29 09:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/29 09:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/29 08:52:02 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Corinne\Desktop\TFC.exe
[2011/03/27 13:29:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/03/26 22:12:23 | 000,000,000 | ---D | C] -- C:\Tools
[2011/03/26 22:12:22 | 000,000,000 | ---D | C] -- C:\sources
[2011/03/26 21:39:01 | 000,000,000 | ---D | C] -- C:\Users\Corinne\AppData\Roaming\Auslogics
[2011/03/26 21:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/03/26 21:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/03/26 21:13:02 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/03/26 21:09:36 | 000,000,000 | ---D | C] -- C:\Users\Corinne\AppData\Local\Windows Live
[2011/03/26 21:08:36 | 000,000,000 | ---D | C] -- C:\Users\Corinne\Documents\XPS
[2011/03/25 12:05:04 | 000,000,000 | ---D | C] -- C:\Users\Corinne\Documents\Desktop
[2011/03/25 12:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
[2011/03/25 12:01:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Lightworks
[2011/03/25 12:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lightworks
[2011/03/19 19:05:00 | 000,000,000 | ---D | C] -- C:\Users\Corinne\AppData\Local\Easy CD-DA Extractor
[2011/03/19 19:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 2010
[2011/03/19 19:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy CD-DA Extractor
[2011/03/19 19:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Easy CD-DA Extractor 2010
[2011/03/19 17:32:53 | 000,000,000 | ---D | C] -- C:\Users\Corinne\Documents\Freecorder 4
[2011/03/19 17:32:53 | 000,000,000 | ---D | C] -- C:\Users\Corinne\AppData\Local\FLVService
[2011/03/19 17:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/19 17:32:42 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
[2011/03/19 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/19 17:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/19 17:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2011/03/19 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\Corinne\dwhelper
[2011/03/09 07:37:22 | 000,000,000 | ---D | C] -- C:\Users\Corinne\AppData\Roaming\crawl
[2011/03/09 07:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Crawl Stone Soup
[2011/03/09 07:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawl
[2011/03/07 19:33:12 | 000,000,000 | ---D | C] -- C:\Users\Corinne\AppData\Local\Evernote
[2011/03/07 19:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2011/03/07 19:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2011/03/04 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/03/04 21:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/04 21:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

========== Files - Modified Within 30 Days ==========

[2011/03/30 17:46:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Corinne\Desktop\OTL.exe
[2011/03/30 17:06:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 16:57:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2709303148-4094869866-1168905991-1000UA.job
[2011/03/30 15:30:50 | 000,055,487 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/30 15:30:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/30 08:39:51 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 08:39:51 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/30 08:37:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/03/30 08:36:42 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 08:31:51 | 3219,677,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/30 08:14:55 | 004,309,030 | R--- | M] () -- C:\Users\Corinne\Desktop\ComboFix.exe
[2011/03/30 08:12:35 | 000,080,384 | ---- | M] () -- C:\Users\Corinne\Desktop\MBRCheck.exe
[2011/03/29 10:52:35 | 000,018,833 | ---- | M] () -- C:\Users\Corinne\Desktop\recovery_drive.png
[2011/03/29 10:43:29 | 000,005,471 | ---- | M] () -- C:\Users\Corinne\Desktop\viruses.csv
[2011/03/29 10:39:46 | 000,002,529 | ---- | M] () -- C:\Users\Corinne\Desktop\Attach.zip
[2011/03/29 10:35:38 | 000,625,664 | ---- | M] () -- C:\Users\Corinne\Desktop\dds.scr
[2011/03/29 09:15:39 | 000,301,568 | ---- | M] () -- C:\Users\Corinne\Desktop\0oettx48.exe
[2011/03/29 08:52:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Corinne\Desktop\TFC.exe
[2011/03/29 08:52:06 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2709303148-4094869866-1168905991-1000Core.job
[2011/03/07 19:33:25 | 000,001,133 | ---- | M] () -- C:\Users\Corinne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

========== Files Created - No Company Name ==========

[2011/03/30 08:17:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/30 08:17:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/30 08:17:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/30 08:17:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/30 08:17:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/30 08:14:43 | 004,309,030 | R--- | C] () -- C:\Users\Corinne\Desktop\ComboFix.exe
[2011/03/30 08:12:32 | 000,080,384 | ---- | C] () -- C:\Users\Corinne\Desktop\MBRCheck.exe
[2011/03/29 10:52:35 | 000,018,833 | ---- | C] () -- C:\Users\Corinne\Desktop\recovery_drive.png
[2011/03/29 10:43:28 | 000,005,471 | ---- | C] () -- C:\Users\Corinne\Desktop\viruses.csv
[2011/03/29 10:39:46 | 000,002,529 | ---- | C] () -- C:\Users\Corinne\Desktop\Attach.zip
[2011/03/29 10:35:31 | 000,625,664 | ---- | C] () -- C:\Users\Corinne\Desktop\dds.scr
[2011/03/29 09:15:13 | 000,301,568 | ---- | C] () -- C:\Users\Corinne\Desktop\0oettx48.exe
[2011/03/27 03:08:17 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/26 21:12:42 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/03/26 21:12:24 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/03/07 19:33:25 | 000,001,133 | ---- | C] () -- C:\Users\Corinne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2010/10/27 20:39:33 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/27 20:39:33 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/31 11:03:16 | 000,040,960 | ---- | C] () -- C:\Windows\DelPiv.exe
[2010/03/29 18:37:03 | 000,010,752 | ---- | C] () -- C:\Users\Corinne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 14:41:49 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/03/03 14:41:48 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/03/03 14:41:48 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/03/03 14:41:48 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/03/03 14:41:48 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/03/03 14:41:48 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/03/03 14:41:48 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/03/03 14:41:48 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/03/03 14:41:48 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/03/03 14:41:48 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/03/03 14:41:48 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/03/03 14:41:48 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/03/03 14:41:48 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/03/03 14:41:48 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/03/03 14:41:48 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/03/03 14:41:48 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/03/03 14:39:50 | 000,000,063 | ---- | C] () -- C:\Windows\EPWF610.ini
[2010/01/10 10:24:13 | 000,000,092 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/01/10 10:24:10 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2010/01/05 14:56:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/28 20:26:35 | 000,055,487 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/28 19:13:46 | 000,055,487 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/06/17 11:04:00 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\Dll_Volume_Ctrl.dll

========== LOP Check ==========

[2010/09/29 10:44:28 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\.minecraft
[2011/03/26 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\Auslogics
[2010/08/14 10:05:02 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\Barnes & Noble
[2011/03/09 07:37:22 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\crawl
[2011/03/30 09:20:46 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\Dropbox
[2010/03/03 15:21:21 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\Epson
[2009/12/30 09:29:26 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\Foxit
[2010/11/24 13:44:51 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\Foxit Software
[2010/08/27 10:22:08 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\OpenOffice.org
[2010/01/10 10:25:54 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\pdf995
[2011/03/03 18:25:06 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\PrimoPDF
[2011/03/30 09:11:30 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\SystemRequirementsLab
[2010/10/12 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\Corinne\AppData\Roaming\WTouch
[2010/06/21 15:20:52 | 000,025,420 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/24 17:54:10 | 000,006,129 | ---- | M] () -- C:\0x0409.ini
[2010/05/24 17:54:14 | 001,896,960 | ---- | M] () -- C:\Amazon Unbox Video.msi
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/27 16:45:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/03/30 08:43:13 | 000,022,589 | ---- | M] () -- C:\ComboFix.txt
[2008/10/23 02:50:17 | 000,004,875 | RH-- | M] () -- C:\dell.sdr
[2009/12/11 15:55:39 | 001,331,029 | ---- | M] () -- C:\directory.txt
[2010/09/27 11:12:08 | 000,000,090 | ---- | M] () -- C:\error.log
[2011/03/30 08:31:51 | 3219,677,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/04 12:06:15 | 000,000,528 | R--- | M] () -- C:\MediaID.bin
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/03/30 08:31:59 | 4292,907,008 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/05/02 08:10:02 | 000,001,670 | -HS- | M] () -- C:\Users\Corinne\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >
[2010/05/24 17:57:34 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\IsolatedStorage\5xyg3bo1.pd1\1qd2zmrm.sn0\Url.udynpsygivp3gt3szhdxwfdfjmzqp5t0\Url.y115muuzdi3qxix11mkqpehmywhq4upe\Files\bak

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/27 17:25:50 | 000,000,221 | -HS- | M] () -- C:\Users\Corinne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/29 09:15:39 | 000,301,568 | ---- | M] () -- C:\Users\Corinne\Desktop\0oettx48.exe
[2011/03/30 08:14:55 | 004,309,030 | R--- | M] () -- C:\Users\Corinne\Desktop\ComboFix.exe
[2011/03/29 09:16:53 | 016,754,464 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Corinne\Desktop\jre-6u24-windows-i586-s.exe
[2011/03/30 08:12:35 | 000,080,384 | ---- | M] () -- C:\Users\Corinne\Desktop\MBRCheck.exe
[2011/03/30 17:46:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Corinne\Desktop\OTL.exe
[2011/03/29 08:52:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Corinne\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/01/12 14:37:42 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/01/12 14:37:42 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/01/12 14:37:42 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/01/12 14:37:42 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/01/12 14:37:42 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/01/12 14:37:42 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/26 13:58:19 | 000,000,402 | -HS- | M] () -- C:\Users\Corinne\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/30 15:30:50 | 000,055,487 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4769CB2A

< End of report >

 

[HydePryde]

OTL Extras logfile created on: 3/30/2011 5:47:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Corinne\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.50 Gb Total Space | 80.72 Gb Free Space | 28.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.05 Gb Free Space | 0.54% Space Free | Partition Type: NTFS

Computer Name: CORINNE-PC | User Name: Corinne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2709303148-4094869866-1168905991-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2F01EBAF-CA43-417B-A494-76E753F8200D}" = TouchChip USB Driver 2.18
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{B1FB7D5C-20CE-4CB6-8F39-306EFDA8290C}" = Symantec Endpoint Protection
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}" = XPS2OneNote
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2DEA9D8-2C39-42DA-B2A8-E91AF5D09490}" = Mozaki Blocks Deluxe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crawl" = Dungeon Crawl Stone Soup
"Cubis Gold 2" = Cubis Gold 2
"DivX Setup.divx.com" = DivX Setup
"Easy CD-DA Extractor 2010" = Easy CD-DA Extractor 2010
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Foxit Reader" = Foxit Reader
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Pdf995" = Pdf995
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"Uplink Demo" = Uplink Demo (remove only)
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2709303148-4094869866-1168905991-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2011 2:29:27 AM | Computer Name = Corinne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6193

Error - 3/29/2011 9:42:22 AM | Computer Name = Corinne-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 3/29/2011 9:50:38 AM | Computer Name = Corinne-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Corinne\AppData\Local\Temp\DWH1D6F.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 3/29/2011 9:05:23 PM | Computer Name = Corinne-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/30/2011 4:30:09 PM | Computer Name = Corinne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/30/2011 4:30:09 PM | Computer Name = Corinne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1482

Error - 3/30/2011 4:30:09 PM | Computer Name = Corinne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1482

Error - 3/30/2011 4:30:10 PM | Computer Name = Corinne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/30/2011 4:30:10 PM | Computer Name = Corinne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2605

Error - 3/30/2011 4:30:10 PM | Computer Name = Corinne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2605

[ OSession Events ]
Error - 1/14/2010 2:01:25 PM | Computer Name = Corinne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61385
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/19/2010 9:24:24 PM | Computer Name = Corinne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2997
seconds with 2940 seconds of active time. This session ended with a crash.

Error - 12/8/2010 7:51:14 PM | Computer Name = Corinne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/3/2011 12:15:12 AM | Computer Name = Corinne-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053

Error - 2/3/2011 12:15:17 AM | Computer Name = Corinne-PC | Source = DCOM | ID = 10005
Description =

Error - 2/3/2011 6:27:22 AM | Computer Name = Corinne-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/3/2011 3:11:10 PM | Computer Name = Corinne-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Installer service to connect.

Error - 2/3/2011 3:11:10 PM | Computer Name = Corinne-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053

Error - 2/3/2011 8:19:17 PM | Computer Name = Corinne-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/4/2011 2:35:20 AM | Computer Name = Corinne-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/4/2011 6:44:33 PM | Computer Name = Corinne-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/5/2011 10:21:08 PM | Computer Name = Corinne-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/7/2011 2:51:38 PM | Computer Name = Corinne-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >

 

[Broni]

You did well
Let me take a look....

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  [2010/01/05 14:56:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
  @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4769CB2A
  
  
  :Services
  
  :Reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
  "DisableMonitoring" =-
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
  
  =================================================================
  
  Last scans....
  
  1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    
    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
  
  
  2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.
  
  
  3. Please run a free online scan with the ESET Online Scanner
  
  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.

 

[HydePryde]

Ok, I think I did everything correctly. I'm going to paste the log files below. The ESET Scanner didn't find anything, so there's no log file. Before using it, I disabled my antivirus software. However, while it was running, my antivirus software reenabled itself and showed this message:
http://screencast.com/t/4I5Wrzud
I disabled it again (scan was still running), and let the scan keep going. The same message from my antivirus popped up again a while later, although this time my antivirus still showed it was disabled this time. So, not sure what that was about...
Here are the logs:

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\ezsidmv.dat moved successfully.
ADS C:\ProgramData\TEMP:4769CB2A deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Corinne
->Temp folder emptied: 6756460 bytes
->Temporary Internet Files folder emptied: 1482827 bytes
->Java cache emptied: 276100 bytes
->FireFox cache emptied: 49453248 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 34340 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 244650 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 984512519 bytes

Total Files Cleaned = 994.00 mb


[EMPTYFLASH]

User: All Users

User: Corinne
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04042011_085357

Files\Folders moved on Reboot...
C:\Users\Corinne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\WERD02A.tmp.resp not found!

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

 

[HydePryde]

Also, I forgot to mention that Windows updated itself yesterday, just in case that makes a difference...This is what it did:
http://screencast.com/t/8Zzg9p3Cz5t

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

 

[HydePryde]

Ok, I'm pasting the log you requested below. However, I was trying to complete the remaining steps and got stuck at the Windows Update one. It said I had one important update, so I downloaded it and tried to install it, but I got this error:
http://screencast.com/t/AqmFMFoz
I followed the directions Windows gave me to try and fix it, but the settings were already correct.
I haven't gone ahead with the rest of the steps yet because I wasn't sure if I needed to do them in order.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Corinne
->Temp folder emptied: 170814 bytes
->Temporary Internet Files folder emptied: 841873 bytes
->Java cache emptied: 48954 bytes
->FireFox cache emptied: 202566639 bytes
->Google Chrome cache emptied: 6270632 bytes
->Flash cache emptied: 7094 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 200.00 mb


[EMPTYFLASH]

User: All Users

User: Corinne
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.22.3 log created on 04042011_180328

Files\Folders moved on Reboot...
C:\Users\Corinne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

 

[Broni]

You can go ahead with other steps.
Thank you for asking though

Try to install that update one more time.
If still no go, click on "Review important updates" and let me know, what update it is.

 

[HydePryde]

Ok, I'm working on the various steps now. I clicked on the link you gave: http://www.bleepingcomputer.com/forums/topic2520.html
and I see lots of replies, but not the original post (I just see an ad where the original post should be). Do I have to sign up for an account there or something to see the original post?

 

[Broni]

No. The link opens to the very first page for me.
Try to restart your browser.
Try different browser.

 

[HydePryde]

Got it - I tried it on 3 different browsers with no luck, but once I registered for the site I was able to view it.

 

[Broni]

There was/is some glitch on BC site, already reported. They're working on it.

12. Please, let me know, how your computer is doing.

 

[HydePryde]

Almost done About to start Auslogics Disk Defrag. I read the stuff from BleepingComputer fully, and have taken all suggestions as far as programs to use. I'm still working on getting Firefox to open in less than 3-5 minutes and to not freeze constantly, but I've posted on the Firefox forum and hope to find some help there. Overall, things seem to be MUCH better, and my antivirus shows NO threats! You are a lifesaver!!!! I was seriously about to go buy a new computer because I was just so frustrated with it. Now I feel much better about it, and I have a solid plan for not letting it happen again!
Thank you so much!!!!

 

[Broni]

Way to go!!

Good luck and stay safe

 

[HydePryde]

Aaak! I set my antivirus to do a full scan last night, and when I woke up this morning it had found another Trojan that it couldn't delete or quarantine! I did everything I was supposed to do, I thought...Help!
Here's the info:

DWHEF94.tmp
Trojan Horse
Log only
File
C:\Users\Corinne\AppData\Local\Temp\
The file was left unchanged.
4/5/2011 7:49

By the way, I was able to get Windows to update successfully, but when I restarted this morning to complete the install, it did that black screen with CHKDSK for about 15 minutes...

 

[Broni]

Run TFC to clean temporary file, then re-run your AV program.

Also, run chkdsk:
1. Click Start, click Run, type chkdsk /f /r, and then click OK.
2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
3. Restart the computer.
4. Chkdsk will run.

 

[HydePryde]

I ran TFC and then re-ran the AV program, but it didn't clean the file. Symantec still found a trojan horse that it couldn't clean or quarantine. I tried to run chkdsk, but the command prompt flashed open for half a second but never opened long enough for me to do steps 2-4.