Malware for sure

jstyle · Feb 6, 2011

Hi there, I just joined and I have the following symptoms

-google redirects me to random webpages when I search
-spybot won't load...just get the hourglass/circle
-windows update won't work
-backed up my registry using ERUNT
-Ran dds.com and got the following log file
-I have the attach file but the log said not to post it unless asked for

**dds.com log info**

DDS (Ver_10-12-12.02) - NTFSx86
Run by hp at 22:18:08.59 on Sat 02/05/2011
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.567 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Vuze\Azureus.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\lpremove.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\hp\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mrhancock.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [SMART Board Service] c:\program files\smart technologies\smart product drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe -e
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 93.188.164.125,93.188.160.205
TCP: {C7D3F404-1ABE-4855-AB37-AA214A87D281} = 93.188.164.125,93.188.160.205
TCP: {EFC14176-A26F-4B19-8B0B-4D1960B7B5DD} = 93.188.164.125,93.188.160.205
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-5 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\SymDS.sys [2011-2-5 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys [2011-2-5 652336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-2-5 691248]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110204.001\IDSvix86.sys [2011-2-5 353912]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys [2011-2-5 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys [2011-2-5 330360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccSvcHst.exe [2011-2-5 130000]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-25 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2010-11-19 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2010-11-19 14704]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2010-11-19 19440]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-26 136176]

=============== Created Last 30 ================

2011-02-06 03:16:17 -------- d-----w- C:\Backup
2011-02-06 02:59:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-06 02:02:59 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-02-06 02:02:59 -------- d-----w- c:\program files\Symantec
2011-02-06 02:02:42 652336 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys
2011-02-06 02:02:42 509560 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
2011-02-06 02:02:42 50168 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
2011-02-06 02:02:42 340016 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\SymDS.sys
2011-02-06 02:02:42 330360 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys
2011-02-06 02:02:42 295032 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\symnets.sys
2011-02-06 02:02:42 136312 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys
2011-02-06 02:02:21 -------- d-----w- c:\program files\Norton Internet Security
2011-02-06 02:02:07 -------- d-----w- c:\program files\NortonInstaller
2011-02-06 02:02:07 -------- d-----w- c:\progra~2\NortonInstaller
2011-02-06 00:39:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-06 00:36:24 -------- d-----w- c:\program files\WinDirStat
2011-02-05 14:07:44 -------- d-----w- c:\program files\Disk Investigator
2011-01-29 22:00:59 -------- d-----w- c:\program files\iPod
2011-01-25 22:51:14 -------- dc-h--w- c:\progra~2\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
2011-01-21 12:24:27 -------- d-----w- c:\users\hp\appdata\local\Downloaded Installations
2011-01-19 01:17:17 127808 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-01-19 01:17:17 10752 ----a-w- c:\windows\system32\aamd532.dll
2011-01-19 01:14:03 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-18 22:43:35 -------- d-----w- c:\program files\Lavasoft
2011-01-18 22:37:50 -------- d-----w- c:\users\hp\appdata\roaming\.clamwin
2011-01-18 22:37:31 -------- d-----w- c:\program files\ClamWin
2011-01-18 22:37:31 -------- d-----w- c:\progra~2\.clamwin

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-20 00:59:32 854896 ----a-w- c:\windows\system32\Smart Bulb Saver.scr
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 22:20:57.39 ===============

Sorry I forgot I also get 'windows system host' has stopped or an error has occurred. Thanks again!

ken545 · Feb 6, 2011

:snwelcome:

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Your computer has been hijacked by the lovely people in the uKraine.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

jstyle · Feb 6, 2011

I tried it twice. The first time I got the blue death screen and memory dump and the second time I came back and it was frozen...after a restart I saw the log file in c:\

ComboFix 11-02-05.01 - hp 02/06/2011 16:21:26.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.861 [GMT -5:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://buy-download.norton.com
.
((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
.

2011-02-06 21:31 . 2011-02-06 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-06 02:12 . 2011-02-06 02:13 -------- d-----w- c:\program files\ERUNT
2011-02-06 02:02 . 2011-02-06 02:02 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-02-06 02:02 . 2011-02-06 02:02 -------- d-----w- c:\program files\Symantec
2011-02-06 02:02 . 2010-12-01 05:24 295032 ----a-r- c:\windows\system32\drivers\NIS\1205000.07D\symnets.sys
2011-02-06 02:02 . 2010-12-01 05:23 330360 ----a-r- c:\windows\system32\drivers\NIS\1205000.07D\symtdiv.sys
2011-02-06 02:02 . 2010-11-23 04:08 509560 ----a-r- c:\windows\system32\drivers\NIS\1205000.07D\srtsp.sys
2011-02-06 02:02 . 2010-11-23 04:08 50168 ----a-r- c:\windows\system32\drivers\NIS\1205000.07D\srtspx.sys
2011-02-06 02:02 . 2010-11-18 02:59 652336 ----a-r- c:\windows\system32\drivers\NIS\1205000.07D\SymEFA.sys
2011-02-06 02:02 . 2010-11-16 01:45 136312 ----a-r- c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.sys
2011-02-06 02:02 . 2010-10-21 02:28 340016 ----a-r- c:\windows\system32\drivers\NIS\1205000.07D\SymDS.sys
2011-02-06 02:02 . 2011-02-06 02:02 -------- d-----w- c:\program files\Norton Internet Security
2011-02-06 02:02 . 2011-02-06 02:02 -------- d-----w- c:\programdata\NortonInstaller
2011-02-06 02:02 . 2011-02-06 02:02 -------- d-----w- c:\program files\NortonInstaller
2011-02-06 00:39 . 2011-02-06 00:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-06 00:36 . 2011-02-06 00:36 -------- d-----w- c:\program files\WinDirStat
2011-02-05 14:07 . 2011-02-05 14:07 -------- d-----w- c:\program files\Disk Investigator
2011-01-29 22:00 . 2011-01-29 22:00 -------- d-----w- c:\program files\iPod
2011-01-25 22:51 . 2011-01-25 22:51 -------- dc-h--w- c:\programdata\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
2011-01-21 12:24 . 2011-01-21 12:24 -------- d-----w- c:\users\hp\AppData\Local\Downloaded Installations
2011-01-19 01:17 . 2009-03-24 20:52 127808 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-01-19 01:17 . 2007-10-07 19:27 10752 ----a-w- c:\windows\system32\aamd532.dll
2011-01-19 01:14 . 2011-02-06 02:51 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-18 22:50 . 2011-02-06 02:49 -------- d-----w- c:\programdata\Lavasoft
2011-01-18 22:43 . 2011-02-06 02:49 -------- d-----w- c:\program files\Lavasoft
2011-01-18 22:37 . 2011-01-18 22:45 -------- d-----w- c:\users\hp\AppData\Roaming\.clamwin
2011-01-18 22:37 . 2011-01-18 22:37 -------- d-----w- c:\programdata\.clamwin
2011-01-18 22:37 . 2011-01-18 22:37 -------- d-----w- c:\program files\ClamWin
2011-01-16 23:56 . 2011-01-16 23:56 -------- d-----w- c:\users\Mcx1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-06 02:40 . 2007-05-04 19:07 50792 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-12-10 14:07 . 2010-12-10 14:07 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-02 22:10 . 2010-12-02 22:10 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-12-02 22:10 . 2010-12-02 22:10 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-20 01:00 . 2010-11-20 01:00 11632 ----a-w- c:\windows\system32\drivers\SMARTMouseFilterx86.sys
2010-11-20 01:00 . 2010-11-20 01:00 19440 ----a-w- c:\windows\system32\drivers\SMARTVTabletPCx86.sys
2010-11-20 01:00 . 2010-11-20 01:00 14704 ----a-w- c:\windows\system32\drivers\SMARTVHidMini2000x86.sys
2010-11-20 00:59 . 2010-11-20 00:59 854896 ----a-w- c:\windows\system32\Smart Bulb Saver.scr
2010-11-12 23:53 . 2010-06-09 20:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-05-12 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-15 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-12-06 86016]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-11-20 5419376]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-11-20 1664368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-11-19 13310832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [2010-11-23 691248]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110204.001\IDSvix86.sys [2010-11-11 353912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-06 102448]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2010-11-20 11632]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2010-11-20 14704]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2010-11-20 19440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 14:36 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 23:17]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 23:17]

2011-01-11 c:\windows\Tasks\HPCeeScheduleForhp.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-04 21:23]

2011-02-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2306492108-1335750355-2601094625-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mrhancock.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-06 16:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-06 16:34:26
ComboFix-quarantined-files.txt 2011-02-06 21:34

Pre-Run: 51,252,076,544 bytes free
Post-Run: 51,190,923,264 bytes free

- - End Of File - - A33C0046F81A7AD6C16513F3B150B63D

ken545 · Feb 7, 2011

Hi,

Lets run these programs

Please download ATF Cleaner by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

jstyle · Feb 7, 2011

I ran ATF Cleaner and that went well.

I ran malwarebytes and it froze 3 times about 90 seconds in. I am going to restart and try again...but for now

I ran OTL and below is the txt files...

OTL logfile created on: 2/6/2011 10:21:43 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\hp\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.96 Gb Total Space | 23.06 Gb Free Space | 16.36% Space Free | Partition Type: NTFS
Drive D: | 8.09 Gb Total Space | 1.49 Gb Free Space | 18.46% Space Free | Partition Type: NTFS

Computer Name: CJS | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\hp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\System32\wisptis.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\hp\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asOEHook.dll (Symantec Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\Microsoft.VC90.CRT\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\Microsoft.VC90.CRT\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110206.003\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110206.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SMARTMouseFilterx86) -- C:\WINDOWS\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\WINDOWS\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\WINDOWS\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110204.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (UMPass) -- C:\WINDOWS\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (BCM43XX) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mrhancock.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/15 11:56:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/02/05 21:03:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/02/05 21:02:21 | 000,000,000 | ---D | M]

[2010/05/19 13:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions
[2010/05/19 13:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/11/27 12:21:59 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2011/02/06 16:31:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/04 13:59:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/06 22:09:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2011/02/06 22:08:29 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Malwarebytes
[2011/02/06 22:08:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/06 22:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/06 22:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/06 22:07:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/06 22:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/06 22:07:04 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\hp\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/06 22:05:14 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\hp\Desktop\ATF-Cleaner.exe
[2011/02/06 19:09:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/06 19:08:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/06 15:52:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/06 15:52:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/06 15:52:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/06 15:52:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/05 22:49:53 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/05 22:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/05 22:16:17 | 000,000,000 | ---D | C] -- C:\Backup
[2011/02/05 21:59:19 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/02/05 21:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/02/05 21:28:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/05 21:14:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/05 21:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/05 21:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/05 21:02:59 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/02/05 21:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/02/05 21:02:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/02/05 21:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/02/05 21:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/02/05 21:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/02/05 19:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/05 19:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/05 19:36:24 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2011/02/05 19:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2011/02/05 19:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2011/02/05 09:07:44 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Investigator
[2011/02/05 09:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Investigator
[2011/02/05 09:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Investigator
[2011/01/29 17:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/29 17:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/25 17:51:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
[2011/01/21 07:24:27 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Downloaded Installations
[2011/01/18 20:17:17 | 000,127,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSWINSCK.OCX
[2011/01/18 20:17:17 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\System32\aamd532.dll
[2011/01/18 20:14:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/01/18 17:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/01/18 17:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/01/18 17:37:50 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\.clamwin
[2011/01/18 17:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
[2011/01/18 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2011/01/18 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\.clamwin
[2011/01/16 18:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2011/02/06 22:23:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/06 22:10:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2011/02/06 22:08:11 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/06 22:07:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\hp\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/06 22:05:23 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\hp\Desktop\ATF-Cleaner.exe
[2011/02/06 22:01:22 | 000,000,255 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/02/06 22:01:03 | 000,076,580 | ---- | M] () -- C:\Users\hp\AppData\Roaming\nvModes.001
[2011/02/06 21:59:00 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 21:58:59 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 21:58:59 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/06 21:58:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/06 21:58:47 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/06 19:12:10 | 000,002,305 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/02/06 16:31:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/06 16:11:43 | 2078,930,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/06 15:50:49 | 004,264,054 | R--- | M] () -- C:\Users\hp\Desktop\ComboFix.exe
[2011/02/06 01:58:52 | 000,002,232 | ---- | M] () -- C:\{8907CF2F-C167-4E60-A9EC-A4698E13B7FE}
[2011/02/06 01:29:43 | 000,002,584 | ---- | M] () -- C:\{A250B750-5A06-45AE-9EE8-FC86A47C9B61}
[2011/02/05 23:26:31 | 000,002,400 | ---- | M] () -- C:\{726091D5-C88F-4DEC-BFA3-BD40095BE949}
[2011/02/05 22:25:05 | 000,071,088 | ---- | M] () -- C:\Users\hp\Documents\cc_20110205_222455.reg
[2011/02/05 21:13:02 | 000,000,913 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/05 21:02:59 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/02/05 21:02:59 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/02/05 21:02:59 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/02/05 20:56:11 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-2306492108-1335750355-2601094625-1000.job
[2011/02/05 20:53:50 | 000,076,580 | ---- | M] () -- C:\Users\hp\AppData\Roaming\nvModes.dat
[2011/02/05 19:56:04 | 000,216,576 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/05 19:21:38 | 000,002,272 | ---- | M] () -- C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749}
[2011/02/05 18:39:44 | 000,002,408 | ---- | M] () -- C:\{F433D8F5-63C6-4550-BD9B-695EFB044482}
[2011/02/05 18:39:43 | 000,009,656 | ---- | M] () -- C:\{3A31629F-7EE1-47A4-BE03-270693871021}
[2011/02/05 18:27:53 | 000,002,288 | ---- | M] () -- C:\{40C46778-E717-42C0-A28B-681C50168DB0}
[2011/02/05 10:40:59 | 000,102,976 | ---- | M] () -- C:\Users\hp\Documents\cc_20110205_104019.reg
[2011/02/05 10:17:48 | 000,011,808 | ---- | M] () -- C:\{0DEB647F-B05A-4671-A094-F1C515231C92}
[2011/02/05 10:17:48 | 000,002,664 | ---- | M] () -- C:\{7EBA34AF-F909-499A-916A-F45881606E4A}
[2011/02/04 21:29:23 | 000,605,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/04 21:29:23 | 000,099,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/04 20:13:40 | 000,011,453 | ---- | M] () -- C:\Users\hp\Documents\Brick.docx
[2011/02/04 06:59:53 | 000,007,484 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2011/02/02 11:05:22 | 000,030,384 | ---- | M] () -- C:\{ADB7486A-54E5-45E1-A77A-63FFD8260844}
[2011/01/31 08:23:48 | 000,002,280 | ---- | M] () -- C:\{1BB53319-C996-4F2D-B958-69F6805E0EB1}
[2011/01/31 08:23:34 | 000,030,392 | ---- | M] () -- C:\{A32E979C-5994-4ED5-883B-33435B1646B1}
[2011/01/29 16:54:45 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/01/28 20:35:04 | 000,000,382 | ---- | M] () -- C:\Users\hp\Desktop\Celia.lnk
[2011/01/27 18:34:30 | 000,030,384 | ---- | M] () -- C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}
[2011/01/23 22:48:46 | 000,030,368 | ---- | M] () -- C:\{6BC61279-F3E2-439A-A7FF-5B840C953021}
[2011/01/23 22:45:48 | 000,030,368 | ---- | M] () -- C:\{CA9AE55F-EDB0-40B9-A2B4-2591DAC8BE7D}
[2011/01/23 22:42:50 | 000,030,368 | ---- | M] () -- C:\{808021E5-4016-4CB9-9442-B1391A180F91}
[2011/01/22 10:40:32 | 008,037,633 | ---- | M] () -- C:\Users\hp\Documents\DVD Sleeves.docx
[2011/01/22 09:14:08 | 000,117,568 | ---- | M] () -- C:\Users\hp\Documents\Jonathan Hancock Technology Story.pdf
[2011/01/21 07:29:25 | 000,002,159 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2011/01/11 16:08:56 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhp.job
[2011/01/08 10:51:20 | 000,010,593 | ---- | M] () -- C:\Users\hp\Documents\Mortgage Payments.docx

========== Files Created - No Company Name ==========

[2011/02/06 22:08:10 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/06 16:05:48 | 2078,930,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/06 15:52:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/06 15:52:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/06 15:52:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/06 15:52:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/06 15:52:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/06 15:50:14 | 004,264,054 | R--- | C] () -- C:\Users\hp\Desktop\ComboFix.exe
[2011/02/06 01:58:51 | 000,002,232 | ---- | C] () -- C:\{8907CF2F-C167-4E60-A9EC-A4698E13B7FE}
[2011/02/06 01:29:42 | 000,002,584 | ---- | C] () -- C:\{A250B750-5A06-45AE-9EE8-FC86A47C9B61}
[2011/02/05 23:26:30 | 000,002,400 | ---- | C] () -- C:\{726091D5-C88F-4DEC-BFA3-BD40095BE949}
[2011/02/05 22:24:58 | 000,071,088 | ---- | C] () -- C:\Users\hp\Documents\cc_20110205_222455.reg
[2011/02/05 21:13:02 | 000,000,913 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/05 21:02:59 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/02/05 21:02:59 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/02/05 20:38:44 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/05 19:21:38 | 000,002,272 | ---- | C] () -- C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749}
[2011/02/05 18:39:43 | 000,009,656 | ---- | C] () -- C:\{3A31629F-7EE1-47A4-BE03-270693871021}
[2011/02/05 18:39:43 | 000,002,408 | ---- | C] () -- C:\{F433D8F5-63C6-4550-BD9B-695EFB044482}
[2011/02/05 18:27:53 | 000,002,288 | ---- | C] () -- C:\{40C46778-E717-42C0-A28B-681C50168DB0}
[2011/02/05 10:40:32 | 000,102,976 | ---- | C] () -- C:\Users\hp\Documents\cc_20110205_104019.reg
[2011/02/05 10:17:48 | 000,011,808 | ---- | C] () -- C:\{0DEB647F-B05A-4671-A094-F1C515231C92}
[2011/02/05 10:17:48 | 000,002,664 | ---- | C] () -- C:\{7EBA34AF-F909-499A-916A-F45881606E4A}
[2011/02/04 20:13:40 | 000,011,453 | ---- | C] () -- C:\Users\hp\Documents\Brick.docx
[2011/02/02 11:05:22 | 000,030,384 | ---- | C] () -- C:\{ADB7486A-54E5-45E1-A77A-63FFD8260844}
[2011/01/31 08:23:41 | 000,002,280 | ---- | C] () -- C:\{1BB53319-C996-4F2D-B958-69F6805E0EB1}
[2011/01/31 08:23:34 | 000,030,392 | ---- | C] () -- C:\{A32E979C-5994-4ED5-883B-33435B1646B1}
[2011/01/29 16:54:45 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
[2011/01/28 20:35:04 | 000,000,382 | ---- | C] () -- C:\Users\hp\Desktop\Celia.lnk
[2011/01/27 18:34:30 | 000,030,384 | ---- | C] () -- C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}
[2011/01/23 22:48:46 | 000,030,368 | ---- | C] () -- C:\{6BC61279-F3E2-439A-A7FF-5B840C953021}
[2011/01/23 22:45:48 | 000,030,368 | ---- | C] () -- C:\{CA9AE55F-EDB0-40B9-A2B4-2591DAC8BE7D}
[2011/01/23 22:42:50 | 000,030,368 | ---- | C] () -- C:\{808021E5-4016-4CB9-9442-B1391A180F91}
[2011/01/22 09:14:05 | 000,117,568 | ---- | C] () -- C:\Users\hp\Documents\Jonathan Hancock Technology Story.pdf
[2011/01/21 07:29:25 | 000,002,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2011/01/04 18:52:24 | 000,001,940 | ---- | C] () -- C:\Users\hp\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/01 23:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/23 11:35:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/23 11:35:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/11 18:08:58 | 000,007,484 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2010/05/14 18:52:23 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\FnF4.txt
[2010/05/13 17:38:08 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2010/05/12 15:08:49 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010/05/12 07:03:23 | 000,216,576 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/05/04 13:45:22 | 000,004,829 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/01/01 23:58:48 | 000,076,580 | ---- | C] () -- C:\Users\hp\AppData\Roaming\nvModes.001
[2006/01/01 23:58:46 | 000,076,580 | ---- | C] () -- C:\Users\hp\AppData\Roaming\nvModes.dat
[2006/01/01 08:34:39 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\QSwitch.txt
[2006/01/01 08:34:39 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\DSwitch.txt
[2006/01/01 08:34:39 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\AtStart.txt
[2005/05/07 07:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2011/02/06 19:51:47 | 000,032,596 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 2/6/2011 10:21:43 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\hp\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.96 Gb Total Space | 23.06 Gb Free Space | 16.36% Space Free | Partition Type: NTFS
Drive D: | 8.09 Gb Total Space | 1.49 Gb Free Space | 18.46% Space Free | Partition Type: NTFS

Computer Name: CJS | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1355416A-967D-47C5-823D-D493C3E0B97C}" = SMART Product Drivers
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39523EA4-F914-4447-A551-2513766095F5}" = ESU for Microsoft Vista
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47E6A509-37B7-4440-A252-7031E9A898D7}" = SMART Notebook
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"4Videosoft MKV Video Converter_is1" = 4Videosoft MKV Video Converter
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.96.5
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"DC++" = DC++ 0.770
"Disk Investigator" = Disk Investigator 1.51
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.6.2056
"uTorrent" = µTorrent
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/5/2011 10:21:50 PM | Computer Name = Jonathans | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001624b, process id 0x9c, application start time
0x01cbc5a46bf6320d.

Error - 2/5/2011 10:23:29 PM | Computer Name = Jonathans | Source = SDWinSec.exe | ID = 0
Description =

Error - 2/5/2011 10:23:30 PM | Computer Name = Jonathans | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_Winmgmt, version 6.0.6000.16386,
time stamp 0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp
0x4549bdc9, exception code 0xc0000022, fault offset 0x000768b0, process id 0x17c4,
application start time 0x01cbc5a4d7460eed.

Error - 2/5/2011 10:25:50 PM | Computer Name = Jonathans | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001624b, process id 0xba8, application start time
0x01cbc5a4fb0b588d.

Error - 2/5/2011 10:28:33 PM | Computer Name = Jonathans | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001624b, process id 0x1204, application start time
0x01cbc5a55b7a7acd.

Error - 2/5/2011 10:30:57 PM | Computer Name = Jonathans | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001624b, process id 0x9b8, application start time
0x01cbc5a5b1db45cd.

Error - 2/5/2011 10:33:25 PM | Computer Name = Jonathans | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001624b, process id 0x1248, application start time
0x01cbc5a60a5943ad.

Error - 2/5/2011 10:36:07 PM | Computer Name = Jonathans | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001624b, process id 0x1528, application start time
0x01cbc5a66abe924d.

Error - 2/5/2011 10:38:37 PM | Computer Name = Jonathans | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001624b, process id 0x17a8, application start time
0x01cbc5a6c42f5c6d.

Error - 2/5/2011 10:59:10 PM | Computer Name = Jonathans | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 8/30/2010 5:52:23 PM | Computer Name = hp-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 8/30/2010 10:24:41 PM | Computer Name = hp-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 8/30/2010 10:24:41 PM | Computer Name = hp-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 9/3/2010 3:52:27 PM | Computer Name = hp-PC | Source = DCOM | ID = 10010
Description =

Error - 9/3/2010 5:23:05 PM | Computer Name = hp-PC | Source = Print | ID = 22
Description = Failed to upgrade printer settings for printer \\HP-PC\HP Deskjet
F4100 series,0,LocalOnly driver C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL.
Error: 2150. The device settings for the printer are set to those configured by
the manufacturer.

Error - 9/3/2010 5:23:05 PM | Computer Name = hp-PC | Source = Print | ID = 22
Description = Failed to upgrade printer settings for printer HP Deskjet F4100 series,0
driver HP Deskjet F4100 series. Error: 2150. The device settings for the printer
are set to those configured by the manufacturer.

Error - 9/3/2010 5:35:31 PM | Computer Name = hp-PC | Source = Print | ID = 22
Description = Failed to upgrade printer settings for printer \\HP-PC\HP Deskjet
F4100 series,0,LocalOnly driver C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL.
Error: 1801. The device settings for the printer are set to those configured by
the manufacturer.

Error - 9/3/2010 5:35:31 PM | Computer Name = hp-PC | Source = Print | ID = 22
Description = Failed to upgrade printer settings for printer HP Deskjet F4100 series,0
driver HP Deskjet F4100 series. Error: 1801. The device settings for the printer
are set to those configured by the manufacturer.

Error - 9/6/2010 9:01:16 PM | Computer Name = hp-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 9/6/2010 9:54:37 PM | Computer Name = hp-PC | Source = DCOM | ID = 10010
Description =

< End of report >

jstyle · Feb 7, 2011

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5699

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

2/6/2011 11:31:22 PM
mbam-log-2011-02-06 (23-31-22).txt

Scan type: Quick scan
Objects scanned: 166107
Time elapsed: 37 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545 · Feb 7, 2011

Have the redirects stopped ?

jstyle · Feb 7, 2011

I just checked and I can now google again and click links without getting redirected. Am I malware free now?

ken545 · Feb 7, 2011

Lets do this to make sure.

Please run this free online virus scanner from ESET

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

jstyle · Feb 8, 2011

log is...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

should there be more?

Also is there somewhere where I could read up to what the uKraine was doing with my computer? Just curious and thanks!!

ken545 · Feb 8, 2011

From your DDS log

TCP: {C7D3F404-1ABE-4855-AB37-AA214A87D281} = 93.188.164.125,93.188.160.205
TCP: {EFC14176-A26F-4B19-8B0B-4D1960B7B5DD} = 93.188.164.125,93.188.160.205

93.188.164.125.static.ukrtelegroup.com.ua (93.188.164.125)

93.188.163.0 - 93.188.164.255
Promnet Ltd.

Ondrej Voloshin
Ekaterininskaya str., 41, 65000, Odessa, Ukraine
support@prom-net.com.ua
+380504414402

Hard to say, these people are like roaches that just come out at night. You clicked on a bad link and it infecfed you

Years ago kids and people with nothing else to do wrote viruses, not anymore, all this garbage is written by gangs of cyber criminals.

http://www.google.com/search?q=russ...s=org.mozilla:en-US:official&client=firefox-a

There is a company in St Petersburg Russia called the RBN ( Russian Business Network ) They promote themselves as a legit company when in fact there resposible for about 2/3rds of all this garbage floating around.

These people are mean and nasty , they disappear every once in awhile only to show up later in a different location. They make millions of dollars from not to savvy people buying what they are trying to sell. If your computer is infected by one of there rogue programs and they prompt you to purchase it to remove what it finds ( the only real infection is them ) what you would be doing is giving your credit card to criminals.

Run OTL and post a new log please

jstyle · Feb 10, 2011

Thanks for all of the info!

OTL logfile created on: 2/10/2011 3:55:14 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\hp\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.96 Gb Total Space | 26.73 Gb Free Space | 18.96% Space Free | Partition Type: NTFS
Drive D: | 8.09 Gb Total Space | 1.47 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive F: | 15.30 Gb Total Space | 15.30 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: CJS | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Users\hp\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\System32\wisptis.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\hp\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asOEHook.dll (Symantec Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\Microsoft.VC90.CRT\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\Microsoft.VC90.CRT\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110210.003\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110210.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SMARTMouseFilterx86) -- C:\WINDOWS\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\WINDOWS\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\WINDOWS\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110209.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (UMPass) -- C:\WINDOWS\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mrhancock.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/15 11:56:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/02/05 21:03:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/02/05 21:02:21 | 000,000,000 | ---D | M]

[2010/05/19 13:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions
[2010/05/19 13:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/11/27 12:21:59 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2011/02/06 16:31:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/04 13:59:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 06:51:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/09 18:12:20 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Apple
[2011/02/08 16:41:51 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/02/07 17:40:57 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Adobe
[2011/02/06 22:48:42 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Apple Computer
[2011/02/06 22:08:29 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Malwarebytes
[2011/02/06 22:08:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/06 22:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/06 22:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/06 22:07:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/06 22:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/06 19:09:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/06 19:08:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/06 15:52:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/06 15:52:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/06 15:52:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/06 15:52:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/05 22:49:53 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/05 22:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/05 22:16:17 | 000,000,000 | ---D | C] -- C:\Backup
[2011/02/05 21:59:19 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/02/05 21:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/02/05 21:28:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/05 21:14:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/05 21:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/05 21:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/05 21:02:59 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/02/05 21:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/02/05 21:02:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/02/05 21:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/02/05 21:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/02/05 21:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/02/05 19:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/05 19:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/05 19:36:24 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2011/02/05 19:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2011/02/05 19:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2011/02/05 09:07:44 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Investigator
[2011/02/05 09:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Investigator
[2011/02/05 09:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Investigator
[2011/01/29 17:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/29 17:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/25 17:51:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
[2011/01/21 07:24:27 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Downloaded Installations
[2011/01/18 20:17:17 | 000,127,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSWINSCK.OCX
[2011/01/18 20:17:17 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\System32\aamd532.dll
[2011/01/18 20:14:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/01/18 17:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/01/18 17:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/01/18 17:37:50 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\.clamwin
[2011/01/18 17:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
[2011/01/18 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2011/01/18 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\.clamwin
[2011/01/16 18:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll

========== Files - Modified Within 30 Days ==========

[2011/02/10 15:34:45 | 000,155,116 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/10 15:34:23 | 000,000,255 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/02/10 15:33:24 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 15:33:24 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 15:33:24 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/10 15:33:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/10 15:33:11 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/09 19:55:43 | 000,216,576 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/09 19:23:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 16:40:25 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/02/07 20:23:40 | 000,155,116 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/07 20:22:49 | 000,000,680 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2011/02/06 22:43:31 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/06 22:43:31 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/06 22:40:06 | 000,873,310 | ---- | M] () -- C:\Windows\System32\oem53.inf
[2011/02/06 22:01:03 | 000,076,580 | ---- | M] () -- C:\Users\hp\AppData\Roaming\nvModes.001
[2011/02/06 19:12:10 | 000,002,305 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/02/06 16:31:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/06 16:11:43 | 2078,930,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/06 01:58:52 | 000,002,232 | ---- | M] () -- C:\{8907CF2F-C167-4E60-A9EC-A4698E13B7FE}
[2011/02/06 01:29:43 | 000,002,584 | ---- | M] () -- C:\{A250B750-5A06-45AE-9EE8-FC86A47C9B61}
[2011/02/05 23:26:31 | 000,002,400 | ---- | M] () -- C:\{726091D5-C88F-4DEC-BFA3-BD40095BE949}
[2011/02/05 22:25:05 | 000,071,088 | ---- | M] () -- C:\Users\hp\Documents\cc_20110205_222455.reg
[2011/02/05 21:13:02 | 000,000,913 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/05 21:02:59 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/02/05 21:02:59 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/02/05 21:02:59 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/02/05 20:56:11 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-2306492108-1335750355-2601094625-1000.job
[2011/02/05 20:53:50 | 000,076,580 | ---- | M] () -- C:\Users\hp\AppData\Roaming\nvModes.dat
[2011/02/05 19:21:38 | 000,002,272 | ---- | M] () -- C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749}
[2011/02/05 18:39:44 | 000,002,408 | ---- | M] () -- C:\{F433D8F5-63C6-4550-BD9B-695EFB044482}
[2011/02/05 18:39:43 | 000,009,656 | ---- | M] () -- C:\{3A31629F-7EE1-47A4-BE03-270693871021}
[2011/02/05 18:27:53 | 000,002,288 | ---- | M] () -- C:\{40C46778-E717-42C0-A28B-681C50168DB0}
[2011/02/05 10:40:59 | 000,102,976 | ---- | M] () -- C:\Users\hp\Documents\cc_20110205_104019.reg
[2011/02/05 10:17:48 | 000,011,808 | ---- | M] () -- C:\{0DEB647F-B05A-4671-A094-F1C515231C92}
[2011/02/05 10:17:48 | 000,002,664 | ---- | M] () -- C:\{7EBA34AF-F909-499A-916A-F45881606E4A}
[2011/02/04 20:13:40 | 000,011,453 | ---- | M] () -- C:\Users\hp\Documents\Brick.docx
[2011/02/02 11:05:22 | 000,030,384 | ---- | M] () -- C:\{ADB7486A-54E5-45E1-A77A-63FFD8260844}
[2011/01/31 08:23:48 | 000,002,280 | ---- | M] () -- C:\{1BB53319-C996-4F2D-B958-69F6805E0EB1}
[2011/01/31 08:23:34 | 000,030,392 | ---- | M] () -- C:\{A32E979C-5994-4ED5-883B-33435B1646B1}
[2011/01/29 16:54:45 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/01/28 20:35:04 | 000,000,382 | ---- | M] () -- C:\Users\hp\Desktop\Celia.lnk
[2011/01/27 18:34:30 | 000,030,384 | ---- | M] () -- C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}
[2011/01/23 22:48:46 | 000,030,368 | ---- | M] () -- C:\{6BC61279-F3E2-439A-A7FF-5B840C953021}
[2011/01/23 22:45:48 | 000,030,368 | ---- | M] () -- C:\{CA9AE55F-EDB0-40B9-A2B4-2591DAC8BE7D}
[2011/01/23 22:42:50 | 000,030,368 | ---- | M] () -- C:\{808021E5-4016-4CB9-9442-B1391A180F91}
[2011/01/22 10:40:32 | 008,037,633 | ---- | M] () -- C:\Users\hp\Documents\DVD Sleeves.docx
[2011/01/22 09:14:08 | 000,117,568 | ---- | M] () -- C:\Users\hp\Documents\Jonathan Hancock Technology Story.pdf
[2011/01/21 07:29:25 | 000,002,159 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2011/01/11 16:08:56 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhp.job

========== Files Created - No Company Name ==========

[2011/02/06 22:43:27 | 000,155,116 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/02/06 22:43:27 | 000,155,116 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/02/06 22:40:20 | 000,873,310 | ---- | C] () -- C:\Windows\System32\oem53.inf
[2011/02/06 22:39:01 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/02/06 16:05:48 | 2078,930,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/06 15:52:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/06 15:52:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/06 15:52:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/06 15:52:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/06 15:52:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/06 01:58:51 | 000,002,232 | ---- | C] () -- C:\{8907CF2F-C167-4E60-A9EC-A4698E13B7FE}
[2011/02/06 01:29:42 | 000,002,584 | ---- | C] () -- C:\{A250B750-5A06-45AE-9EE8-FC86A47C9B61}
[2011/02/05 23:26:30 | 000,002,400 | ---- | C] () -- C:\{726091D5-C88F-4DEC-BFA3-BD40095BE949}
[2011/02/05 22:24:58 | 000,071,088 | ---- | C] () -- C:\Users\hp\Documents\cc_20110205_222455.reg
[2011/02/05 21:13:02 | 000,000,913 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/05 21:02:59 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/02/05 21:02:59 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/02/05 20:38:44 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/05 19:21:38 | 000,002,272 | ---- | C] () -- C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749}
[2011/02/05 18:39:43 | 000,009,656 | ---- | C] () -- C:\{3A31629F-7EE1-47A4-BE03-270693871021}
[2011/02/05 18:39:43 | 000,002,408 | ---- | C] () -- C:\{F433D8F5-63C6-4550-BD9B-695EFB044482}
[2011/02/05 18:27:53 | 000,002,288 | ---- | C] () -- C:\{40C46778-E717-42C0-A28B-681C50168DB0}
[2011/02/05 10:40:32 | 000,102,976 | ---- | C] () -- C:\Users\hp\Documents\cc_20110205_104019.reg
[2011/02/05 10:17:48 | 000,011,808 | ---- | C] () -- C:\{0DEB647F-B05A-4671-A094-F1C515231C92}
[2011/02/05 10:17:48 | 000,002,664 | ---- | C] () -- C:\{7EBA34AF-F909-499A-916A-F45881606E4A}
[2011/02/04 20:13:40 | 000,011,453 | ---- | C] () -- C:\Users\hp\Documents\Brick.docx
[2011/02/02 11:05:22 | 000,030,384 | ---- | C] () -- C:\{ADB7486A-54E5-45E1-A77A-63FFD8260844}
[2011/01/31 08:23:41 | 000,002,280 | ---- | C] () -- C:\{1BB53319-C996-4F2D-B958-69F6805E0EB1}
[2011/01/31 08:23:34 | 000,030,392 | ---- | C] () -- C:\{A32E979C-5994-4ED5-883B-33435B1646B1}
[2011/01/29 16:54:45 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
[2011/01/28 20:35:04 | 000,000,382 | ---- | C] () -- C:\Users\hp\Desktop\Celia.lnk
[2011/01/27 18:34:30 | 000,030,384 | ---- | C] () -- C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}
[2011/01/23 22:48:46 | 000,030,368 | ---- | C] () -- C:\{6BC61279-F3E2-439A-A7FF-5B840C953021}
[2011/01/23 22:45:48 | 000,030,368 | ---- | C] () -- C:\{CA9AE55F-EDB0-40B9-A2B4-2591DAC8BE7D}
[2011/01/23 22:42:50 | 000,030,368 | ---- | C] () -- C:\{808021E5-4016-4CB9-9442-B1391A180F91}
[2011/01/22 09:14:05 | 000,117,568 | ---- | C] () -- C:\Users\hp\Documents\Jonathan Hancock Technology Story.pdf
[2011/01/21 07:29:25 | 000,002,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2011/01/04 18:52:24 | 000,001,940 | ---- | C] () -- C:\Users\hp\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/01 23:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/23 11:35:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/23 11:35:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/11 18:08:58 | 000,000,680 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2010/05/14 18:52:23 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\FnF4.txt
[2010/05/13 17:38:08 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2010/05/12 15:08:49 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010/05/12 07:03:23 | 000,216,576 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/05/04 13:45:22 | 000,004,829 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/01/01 23:58:48 | 000,076,580 | ---- | C] () -- C:\Users\hp\AppData\Roaming\nvModes.001
[2006/01/01 23:58:46 | 000,076,580 | ---- | C] () -- C:\Users\hp\AppData\Roaming\nvModes.dat
[2006/01/01 08:34:39 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\QSwitch.txt
[2006/01/01 08:34:39 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\DSwitch.txt
[2006/01/01 08:34:39 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\AtStart.txt
[2005/05/07 07:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2011/02/10 07:17:15 | 000,032,596 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

ken545 · Feb 10, 2011

Hi,

You have a bunch of these entries in your OTL log, not sure what they are but when they dont Google there most times bad

You need to enable windows to Show all Files and Folders
Instructions for your Operating System HERE

C:\{2D49DAD0-6E02-4581-A1D0-3D236D680749} <-- Delete this, but leave it you recycle bin. Reboot and see if there are any problems

jstyle · Feb 12, 2011

I moved that file to the recycling bin. Should I run OTL again? Also I have many of those files under C:\ and they seem to be growing in number. Also I've started getting random poker pop ups here and there when I click a link from a site.

ken545 · Feb 12, 2011

Lets take a peek at one of those files

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
```
:file
C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Scan With RootKitUnHooker

Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1
Link 2
Link 3
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

jstyle · Feb 12, 2011

My computer started fine with the file in the recycle bin.

I ran systemlook...

SystemLook 04.09.10 by jpshortstuff
Log created at 13:06 on 12/02/2011 by hp
Administrator - Elevation successful

No Context: C:\{C85E3D82-CFD9-4C77-9610-1D45E4AA3BE4}

-= EOF =-

I ran RootKitUnhooker...

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x8E0CE000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7544832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.91 )
0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x81C00000 PnpManager 3805184 bytes
0x81C00000 RAW 3805184 bytes
0x81C00000 WMIxWDM 3805184 bytes
0x97000000 Win32k 2097152 bytes
0x97000000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA30B5000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110211.033\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
0x8DEB8000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x876F8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x874FC000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8EC3C000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8E900000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0x9AD22000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8EE35000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)
0x8EF4B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8F844000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0x8063D000 C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS 671744 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x8B223000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x9C4B2000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0xA187B000 C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS 544768 bytes (Symantec Corporation, Symantec AutoProtect)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x87459000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9ED97000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8F907000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8F965000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110211.002\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
0x8F1A8000 C:\Windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS 360448 bytes (Symantec Corporation, Network Dispatch Driver)
0x80700000 C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store)
0x8DE2D000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x9EC2C000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x99E20000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8040D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F127000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8022A000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80788000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8ED3F000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8B433000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8027A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8F030000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x9ECB3000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x874C3000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x87423000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x81FA1000 ACPI_HAL 212992 bytes
0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8E862000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8F0F5000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8EDCF000 C:\Windows\system32\drivers\CHDRT32.sys 200704 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x80757000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8E09E000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xA180D000 C:\Windows\System32\Drivers\RDPWD.SYS 188416 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x8EDA2000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8E073000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80609000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9C9BB000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8E8D6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8F182000 C:\Windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0x8ED7D000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x876D3000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8047F000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8F09A000 C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
0x9EC7D000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8E039000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8F06B000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x876A1000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8EC1B000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8EF2A000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9ED0A000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x807E2000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9ECEC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8F013000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x99705000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9E20C000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0x89C3C000 C:\Windows\System32\Drivers\dump_nvstor32.sys 106496 bytes
0x807C8000 C:\Windows\system32\DRIVERS\nvstor32.sys 106496 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0x9ED3E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8EE1C000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8B41B000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8DEA0000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8F8F0000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x8E05C000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8E80B000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xABB2A000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F0DF000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8EE07000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0x9ED2A000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x9B00C000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110211.033\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x8DE7E000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8F16E000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8DE08000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8E026000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9C9A8000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F0BE000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8DE1B000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x9ECA1000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x876C2000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x806F0000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x89D20000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x99400000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80465000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x89D60000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x89D30000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8B5B5000 C:\Windows\system32\DRIVERS\amdk8.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x806E1000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x880E8000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87405000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x87414000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B5C4000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8B5D3000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x8020A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8B40D000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x99E10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F0D1000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8EC01000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80457000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8DE92000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x8B208000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8FF4A000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8E009000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8B400000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B216000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8026D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9C880000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8EC0F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B35B000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8B366000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8B392000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B37C000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B39D000 C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0x8841E000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8B371000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B3A8000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8B350000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80475000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8B48E000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8B498000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B470000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8B4F2000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8B47A000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8B4E8000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x89C32000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8B2C0000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x87698000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8B2E4000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8B2C9000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x880F7000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x802BD000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x80634000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8B2F6000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x99E00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B2D2000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8B2DB000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80221000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80405000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x802B5000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x88068000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80219000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x88038000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88080000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88000000 C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys 32768 bytes (SMART Technologies ULC, Mouse Upper Filter Driver)
0x80601000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x95EB0000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8847D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x88453000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x88476000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x80200000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x89CA0000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x89CAC000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x89C84000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9F294000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x89C9C000 C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys 16384 bytes (SMART Technologies ULC, Driver for SMART Virtual TabletPC HID Device)
0x80207000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x88501000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Company, HP Tablet PC Key Button HID Driver)
0x8851F000 C:\Windows\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) SMU Microcontroller Driver)
0x88519000 C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys 12288 bytes (SMART Technologies ULC, Driver for SMART HID Device)
0x88545000 C:\Windows\system32\DRIVERS\eabfiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
0x8853D000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8853B000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x009E0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x83D54B20 ] PID: 4800, 110592 bytes

ken545 · Feb 12, 2011

Not sure that those entries are about that System Look couldn't find. But I am checking into them

You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

C:\{40C46778-E717-42C0-A28B-681C50168DB0}

If the site is busy you can try this one
http://virusscan.jotti.org/en

jstyle · Feb 13, 2011

I have my windows files showing...is there something you aren't seeing?

jotti.org

'found nothing' with that file

for virus total I am currently #155

jstyle · Feb 13, 2011

AhnLab-V3 2011.02.06.00 2011.02.06 -
AntiVir 7.11.3.53 2011.02.13 -
Antiy-AVL 2.0.3.7 2011.02.13 -
Avast 4.8.1351.0 2011.02.13 -
Avast5 5.0.677.0 2011.02.13 -
AVG 10.0.0.1190 2011.02.13 -
BitDefender 7.2 2011.02.13 -
CAT-QuickHeal 11.00 2011.02.13 -
ClamAV 0.96.4.0 2011.02.13 -
Commtouch 5.2.11.5 2011.02.12 -
Comodo 7676 2011.02.13 -
DrWeb 5.0.2.03300 2011.02.13 -
Emsisoft 5.1.0.2 2011.02.13 -
eSafe 7.0.17.0 2011.02.13 -
eTrust-Vet 36.1.8154 2011.02.11 -
F-Prot 4.6.2.117 2011.02.04 -
F-Secure 9.0.16160.0 2011.02.13 -
Fortinet 4.2.254.0 2011.02.13 -
GData 21 2011.02.13 -
Ikarus T3.1.1.97.0 2011.02.13 -
Jiangmin 13.0.900 2011.02.13 -
K7AntiVirus 9.83.3839 2011.02.13 -
Kaspersky 7.0.0.125 2011.02.13 -
McAfee 5.400.0.1158 2011.02.13 -
McAfee-GW-Edition 2010.1C 2011.02.13 -
Microsoft 1.6502 2011.02.13 -
NOD32 5871 2011.02.13 -
Norman 6.07.03 None.. -
nProtect 2011-01-27.01 2011.02.02 -
Panda 10.0.3.5 2011.02.13 -
PCTools 7.0.3.5 2011.02.13 -
Prevx 3.0 2011.02.13 -
Rising 23.44.06.06 2011.02.13 -
Sophos 4.61.0 2011.02.13 -
SUPERAntiSpyware 4.40.0.1006 2011.02.13 -
Symantec 20101.3.0.103 2011.02.13 -
TheHacker 6.7.0.1.130 2011.02.13 -
TrendMicro 9.200.0.1012 2011.02.13 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.13 -
VBA32 3.12.14.3 2011.02.11 -
VIPRE 8408 2011.02.13 -
ViRobot 2011.2.12.4307 2011.02.13 -
VirusBuster 13.6.198.0 2011.02.13 -

Additional Info

MD5 : 9bca06ed5456f7bfd5705996d67aad66
SHA1 : a2f013aed6d5438f0ac4ab0f7edad40290338aa1
SHA256: 82ea406be2ac84f8daca8f0e1843f298f7f0173ac637cd54852c9582aa580c25
ssdeep: 48:6lqXkDorWBZXB10+GcDjs5sVDuHk/DtRXCFshNeWxBC7IxrQxT+yeB:KqXkDoqO+GI4sV9/D
txCyZxBC0xrxyU
File size : 2288 bytes
First seen: 2011-02-13 19:42:10
Last seen : 2011-02-13 19:42:10
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

ken545 · Feb 13, 2011

Looks like those entries are ok but I really don't know what there related to

How are things running now ?

Malware for sure

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert