Need Help with System Tool

L

LPlines

New member
Before I begin, please be patient with me as I am not too computer savvy. My computer somehow got System Tool in late 2010, however I used system restore at that time to go back and didn't have any problems again until March 2011. I don't know if System Tool was still hiding in my computer since 2010 despite the system restore or if it came back when another user of my computer downloaded some programs two weeks ago. Since I noticed System Tool a few days ago, I tried once again to use system restore, however it would not go back far enough to before the new downloads. So the computer was ok for about two days and then System Tool popped back up and here I am forced to start the computer up in safe mode. Today I downloaded Spybot, Hijackthis, and Malwarebytes. I ran them all, and used spybot and malwarebytes to "fix" some of the problems, however have not used hijackthis to fix anything yet. I also ran erunt as your forum requested. Here is my DDS:.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Larry at 14:23:10.62 on Mon 03/07/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.337 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Larry\Desktop\OTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JZ1FSI4\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uSearch Page =
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80016
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\consumer input\dca-bho.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PPWebCap] c:\program files\scansoft\paperport\PPWebCap.exe
uRun: [lphc78sj0ej1h] c:\windows\system32\lphc78sj0ej1h.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ATT-SST] c:\program files\att-sst\mccibrowser.exe -appkey=att-sst -url=file://c:\program files\att-sst\ocb\4f166975-fb23-45c3-9f1f-a45824649e35\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=HOMEPAGE,FlowParams=
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB9396] command.com /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingD8206] cmd.exe /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingB251] command.com /c del "c:\program files\free offers from freeze.com\wfallsaw.ico"
uRunOnce: [SpybotDeletingD5128] cmd.exe /c del "c:\program files\free offers from freeze.com\wfallsaw.ico"
uRunOnce: [SpybotDeletingB6297] command.com /c del "c:\windows\BMUpdate.ini"
uRunOnce: [SpybotDeletingD808] cmd.exe /c del "c:\windows\BMUpdate.ini"
uRunOnce: [SpybotDeletingB8315] command.com /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingD105] cmd.exe /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingB5469] command.com /c del "c:\program files\free offers from freeze.com\wfallsaw.ico"
uRunOnce: [SpybotDeletingD9285] cmd.exe /c del "c:\program files\free offers from freeze.com\wfallsaw.ico"
uRunOnce: [SpybotDeletingB6858] command.com /c del "c:\windows\BMUpdate.ini"
uRunOnce: [SpybotDeletingD671] cmd.exe /c del "c:\windows\BMUpdate.ini"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [lphc78sj0ej1h] c:\windows\system32\lphc78sj0ej1h.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\larry\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\remote~1.lnk - c:\program files\indtube\utility\remotetool\inDtube.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: motive.com\patttbc.att
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-15 136176]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2010-1-29 344159]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2010-1-29 118877]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-7-7 362944]
.
=============== Created Last 30 ================
.
2011-03-07 17:35:22 -------- d-----w- c:\users\larry\appdata\roaming\Malwarebytes
2011-03-07 17:33:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 17:33:18 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-07 17:33:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 17:33:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-07 17:17:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-07 17:17:43 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-07 16:53:38 -------- d-----w- c:\progra~2\jHaJlMl06300
2011-03-05 16:54:59 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-05 16:50:43 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-03-05 16:50:42 40448 ----a-w- c:\windows\system32\winrs.exe
2011-03-05 16:50:42 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-03-05 16:50:22 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-03-05 16:50:22 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-03-05 16:50:22 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-03-05 16:50:22 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-03-05 16:50:22 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-03-05 16:50:22 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-03-05 16:49:49 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-03-05 16:49:44 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-03-05 16:49:43 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-03-05 16:49:43 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-03-05 16:49:43 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-03-05 16:49:43 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-03-05 16:49:42 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-03-04 20:26:55 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7ce7d421-6bdc-487b-8987-b44ba3215988}\mpengine.dll
2011-03-04 18:21:05 -------- d-----w- c:\progra~2\lFnDdMo06300
2011-02-23 18:38:37 -------- d-----w- c:\users\larry\appdata\local\HP
2011-02-22 20:46:04 -------- d-----w- c:\progra~2\WEBREG
2011-02-22 20:31:35 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-02-22 19:49:09 897024 ----a-w- c:\windows\system32\SET3887.tmp
2011-02-22 19:49:09 675840 ----a-w- c:\windows\system32\SET2F70.tmp
2011-02-22 19:49:09 303104 ----a-w- c:\windows\system32\hpovst01.dll
2011-02-22 19:49:09 258048 ----a-w- c:\windows\system32\hpzids01.dll
2011-02-06 19:14:14 -------- d-----w- c:\users\larry\appdata\local\IsolatedStorage
.
==================== Find3M ====================
.
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
============= FINISH: 14:25:09.90 ===============

Also, here is the Attach. txt
 
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

I am still seeing some malware on your system

With Vista, when running these programs you need to Right Click on the program and select RUN AS ADMINISTRATOR

Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
Here is the Malwarebytes log...yesterday when I scanned the computer with malwarebytes I was using a different user account (in safe mode) that hadn't been attacked by System Tool yet , today when I scanned and produced this log I was under my own user account which had been attacked by System Tools on the same computer.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5981

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

3/8/2011 9:02:13 AM
mbam-log-2011-03-08 (09-02-13).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 381881
Time elapsed: 1 hour(s), 30 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jHaJlMl06300 (Rogue.SystemTool.M) -> Value: jHaJlMl06300 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\jhajlml06300\jhajlml06300.exe (Rogue.SystemTool.M) -> Quarantined and deleted successfully.
 
Hi,

Reboot your computer and lets run a couple of programs, the first will check for a Rootkit and the second will give a more indepth look at your system.

With Vista you need to right click on the program and select RUN AS ADMINISTRATOR


Scan With RootKitUnHooker

  • Please choose one link and download Rootkit Unhooker and save it to your desktop.
    Link 1
    Link 2
    Link 3
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest. then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"






OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8A200000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7065600 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8244C000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8244C000 PnpManager 3907584 bytes
0x8244C000 RAW 3907584 bytes
0x8244C000 WMIxWDM 3907584 bytes
0x8B60C000 C:\Windows\system32\drivers\RTKVHDA.sys 2150400 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x92870000 Win32k 2109440 bytes
0x92870000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8660A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82A7C000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8B003000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x86402000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA8801000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8B105000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x922DF000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8A8BD000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8A969000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x9220C000 C:\Windows\system32\DRIVERS\emBDA.sys 536576 bytes (eMPIA Technology, Inc., USB 28xx BDA Driver)
0x8060F000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82A0B000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80408000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA6C0A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA6D7B000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8658A000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x80734000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B90B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80698000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80491000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B23A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8653D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B9BC000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82BB2000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA6D02000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8671A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B32C000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82419000 ACPI_HAL 208896 bytes
0x82419000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807C9000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8B953000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B20B000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8B819000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82B87000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x865D6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x923C1000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA6D53000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8676A000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EF000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B846000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8B2A8000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x867A2000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA6CC2000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8B88E000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA6CE3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807AB000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x92393000 C:\Windows\system32\DRIVERS\irda.sys 122880 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xA6C77000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x86516000 C:\Windows\system32\DRIVERS\Rtlh86.sys 114688 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x864EC000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x922C4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA6C94000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x805C2000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA6D3B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8B372000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B286000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA88FF000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8B985000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8B8E1000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA6CAD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B2EE000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8B2DA000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8B8F7000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8B1C7000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8B3AB000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8B9A9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x86791000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8B361000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80478000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805B2000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x923B1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80793000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8B303000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x86507000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9229E000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8675B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80716000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B2CB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8657B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80725000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x92AB0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8B99B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8B8CA000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80785000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B389000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8B1BA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8B31F000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x922B7000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x8068B000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA88E9000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8B882000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8A95D000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8B396000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8B1E5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8B1DA000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8B8BF000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B29D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B27B000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x867EC000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x86532000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x92294000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B3A1000 C:\Windows\system32\DRIVERS\emOEM.sys 40960 bytes (eMPIA Technology, Inc., USB 28xx BDA Lower filter)
0x8B315000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x923EB000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8B600000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA88DF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x922AD000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x867C3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8B86B000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA8917000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8B8D8000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x92A90000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x867F7000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DE000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8B1F0000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0x807A3000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80489000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B9F8000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x806E7000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8B8AF000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B8B7000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x86753000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA88F5000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8B87B000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8077E000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80401000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8B874000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A9F6000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x9238F000 C:\Windows\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xA6DC9000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x9228F000 C:\Windows\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x8B1F8000 C:\Windows\system32\drivers\iviaspi.sys 12288 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xA8915000 C:\Windows\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0x8B313000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x92292000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x06640000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x84323428 ] PID: 5744, 1077248 bytes
0x059D0000 Hidden Image-->Intuit.Spc.Oip.Messaging.Client.Core.dll [ EPROCESS 0x84323428 ] PID: 5744, 126976 bytes
0x06D80000 Hidden Image-->Intuit.Spc.Oip.Messaging.Client.Protocol.dll [ EPROCESS 0x84323428 ] PID: 5744, 233472 bytes
0x06B10000 Hidden Image-->log4net.dll [ EPROCESS 0x84323428 ] PID: 5744, 282624 bytes
0x06DF0000 Hidden Image-->BackgroundCopyManager.dll [ EPROCESS 0x84323428 ] PID: 5744, 28672 bytes
0x03E10000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x84323428 ] PID: 5744, 471040 bytes
0x05390000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x84323428 ] PID: 5744, 479232 bytes
0x031C0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x84323428 ] PID: 5744, 53248 bytes
0x04CE0000 Hidden Image-->Intuit.Spc.Oip.Messaging.Client.ExternalApi.dll [ EPROCESS 0x84323428 ] PID: 5744, 69632 bytes
0x03EC0000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x84323428 ] PID: 5744, 77824 bytes
0x04990000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x84323428 ] PID: 5744, 778240 bytes
0x03EE0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x84323428 ] PID: 5744, 86016 bytes
0x06F60000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x84323428 ] PID: 5744, 872448 bytes
 
OTL logfile created on: 3/9/2011 8:31:37 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lauren & Sineca\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.92 Gb Total Space | 47.59 Gb Free Space | 16.47% Space Free | Partition Type: NTFS
Drive D: | 9.17 Gb Total Space | 1.12 Gb Free Space | 12.19% Space Free | Partition Type: NTFS

Computer Name: LARRY-PC | User Name: Lauren & Sineca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lauren & Sineca\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\inDtube\Utility\RemoteTool\inDtube.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE (Scansoft Inc.)
PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Users\Lauren & Sineca\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()


========== Driver Services (SafeList) ==========

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (JL2005C) -- C:\Windows\System32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (mr7910) -- C:\Windows\System32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (WPN111) -- C:\Windows\System32\drivers\WPN111.sys (NETGEAR, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/11 10:24:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/11 10:24:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll (Compete, Inc.)
O3 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O3 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - File not found
O3 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [lphc78sj0ej1h] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe (Compete, Inc.)
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [CSmileys] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [DW6] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [Exetender] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [lphc78sj0ej1h] File not found
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE (Scansoft Inc.)
O4 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKU\S-1-5-21-1560622230-470757469-4093761788-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lauren & Sineca\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lauren & Sineca\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/21 07:56:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/09 08:20:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lauren & Sineca\Desktop\OTL.exe
[2011/03/08 07:29:15 | 000,000,000 | ---D | C] -- C:\Users\Lauren & Sineca\AppData\Roaming\Malwarebytes
[2011/03/07 14:22:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/07 14:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/07 14:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/07 09:33:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/07 09:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/07 09:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/07 09:33:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/07 09:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/07 09:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/07 09:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/07 09:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/07 08:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\jHaJlMl06300
[2011/03/05 09:04:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/05 08:54:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/03/05 08:50:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/03/05 08:50:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/03/05 08:50:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/03/05 08:50:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/03/05 08:50:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/03/05 08:50:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/03/05 08:50:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/03/05 08:50:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/03/05 08:50:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/03/05 08:50:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/03/05 08:49:44 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/03/05 08:49:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/03/05 08:49:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/03/05 08:49:43 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/03/05 08:49:43 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/03/04 10:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFnDdMo06300
[2011/02/23 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Lauren & Sineca\AppData\Roaming\HP
[2011/02/22 12:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/02/22 12:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/02/22 11:49:09 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst01.dll
[2011/02/22 11:49:09 | 000,258,048 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/02/09 15:39:36 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 15:39:33 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 15:39:33 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 15:39:23 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 15:39:23 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 15:39:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 15:39:22 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 15:39:22 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 15:39:22 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 15:39:22 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 15:39:22 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 15:39:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 15:39:21 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 15:39:21 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 15:39:21 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 15:39:20 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 15:39:20 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 15:39:20 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 15:39:19 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 15:39:19 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 15:39:19 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 15:39:19 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 15:39:19 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 15:39:19 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 15:39:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 15:39:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 15:39:17 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/09 15:37:52 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/09 15:37:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 15:37:52 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 15:37:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 15:37:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 15:37:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 15:37:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/09 15:37:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/09 15:37:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/09 15:37:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/09 15:37:50 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/09 15:37:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/09 15:37:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 15:37:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 15:37:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/09 15:37:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 15:37:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 15:37:36 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 15:37:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/09 08:34:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/09 08:32:35 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EEF8D868-263D-407E-B401-21B46E05761C}.job
[2011/03/09 08:30:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA3C5D03-265C-4D2F-9F97-272B964147BB}.job
[2011/03/09 08:20:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren & Sineca\Desktop\OTL.exe
[2011/03/09 07:16:08 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/09 07:15:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 07:15:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 07:15:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/09 07:15:13 | 1062,395,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/08 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/03/08 07:11:48 | 000,027,648 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/03/07 15:43:32 | 000,000,680 | ---- | M] () -- C:\Users\Lauren & Sineca\Desktop\ERUNT.lnk
[2011/03/07 12:05:09 | 000,000,447 | ---- | M] () -- C:\Windows\wininit.ini
[2011/03/07 09:33:19 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/06 10:52:13 | 000,033,280 | ---- | M] () -- C:\Users\Lauren & Sineca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/04 11:40:46 | 000,001,978 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/02/22 12:46:55 | 000,148,952 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/02/21 16:34:18 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/21 16:34:18 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/10 09:25:24 | 000,372,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/08 09:03:21 | 1062,395,904 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/07 15:43:32 | 000,000,680 | ---- | C] () -- C:\Users\Lauren & Sineca\Desktop\ERUNT.lnk
[2011/03/07 10:25:21 | 000,000,447 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/07 09:33:19 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/05 08:49:49 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/05 08:49:49 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/05 08:49:49 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/22 12:36:43 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/02/22 12:32:05 | 000,001,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/02/22 11:49:29 | 000,148,952 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/02/22 11:49:07 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/04 16:22:58 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/11/04 16:22:57 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/11/03 14:56:40 | 009,079,808 | ---- | C] () -- C:\Windows\System32\alltoall.exe
[2010/08/09 15:39:19 | 000,000,070 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Roaming\wklnhst.dat
[2010/06/14 08:12:17 | 000,000,680 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Local\d3d9caps.dat
[2010/06/11 13:08:59 | 000,000,552 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Local\d3d8caps.dat
[2010/05/13 07:50:18 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/08 13:33:27 | 079,471,648 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/02/12 11:36:38 | 000,306,688 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2010/02/12 11:36:38 | 000,302,592 | ---- | C] () -- C:\Windows\System32\pgp.dll
[2010/02/12 11:36:38 | 000,095,232 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2010/02/12 11:36:38 | 000,093,184 | ---- | C] () -- C:\Windows\System32\keydb.dll
[2010/02/12 11:36:38 | 000,070,656 | ---- | C] () -- C:\Windows\System32\simple.dll
[2010/02/12 11:36:38 | 000,065,024 | ---- | C] () -- C:\Windows\System32\bn.dll
[2009/12/19 13:52:29 | 000,000,068 | ---- | C] () -- C:\Windows\C4WREL7.INI
[2009/12/19 13:51:27 | 000,032,256 | ---- | C] () -- C:\Windows\System32\lng32mai.dll
[2009/12/19 13:51:27 | 000,016,384 | ---- | C] () -- C:\Windows\System32\REGMOD.DLL
[2009/12/19 13:51:26 | 003,288,064 | ---- | C] () -- C:\Windows\System32\C4WSA32.DLL
[2009/12/19 13:51:26 | 000,311,808 | ---- | C] () -- C:\Windows\System32\C4WTIL32.DLL
[2009/12/19 13:51:26 | 000,139,776 | ---- | C] () -- C:\Windows\System32\C4WICN32.DLL
[2009/12/19 13:51:26 | 000,061,952 | ---- | C] () -- C:\Windows\System32\C4WRES32.DLL
[2009/12/19 13:51:26 | 000,051,200 | ---- | C] () -- C:\Windows\System32\DWSW32.DLL
[2009/12/19 13:51:26 | 000,033,280 | ---- | C] () -- C:\Windows\System32\lng32ss.dll
[2009/12/19 13:51:25 | 000,031,744 | ---- | C] () -- C:\Windows\System32\C4WErr32.dll
[2009/11/22 13:12:44 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/09/18 09:42:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 09:42:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/30 09:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/12/27 19:23:12 | 000,000,664 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/10/13 12:28:59 | 000,000,155 | ---- | C] () -- C:\Windows\CDFACE32.INI
[2008/09/11 09:03:51 | 000,033,280 | ---- | C] () -- C:\Users\Lauren & Sineca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 06:28:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/18 14:12:30 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/18 14:12:30 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2008/07/18 14:12:29 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/07/18 12:54:44 | 000,000,090 | ---- | C] () -- C:\Windows\calera.ini
[2008/07/18 12:54:35 | 000,269,312 | ---- | C] () -- C:\Windows\System32\FPXIG.DLL
[2008/07/18 12:54:35 | 000,068,096 | ---- | C] () -- C:\Windows\System32\IGFPX32P.DLL
[2008/07/18 12:54:35 | 000,065,024 | ---- | C] () -- C:\Windows\System32\JPEGACC.DLL
[2008/07/18 12:54:24 | 000,101,376 | ---- | C] () -- C:\Windows\System32\WELSOF32.DLL
[2008/07/07 14:09:44 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2008/07/07 14:09:44 | 000,192,512 | R--- | C] () -- C:\Windows\System32\AegisI5.exe
[2008/07/07 14:09:44 | 000,149,392 | ---- | C] () -- C:\Windows\System32\drivers\ar5523.bin
[2008/07/07 14:09:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2008/03/25 08:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/03/25 08:42:46 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/03/25 08:42:46 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/03/25 08:42:46 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/21 07:57:04 | 000,000,068 | ---- | C] () -- C:\Windows\System32\Compaq_Demo.ini
[2008/02/21 07:45:41 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/02/21 07:41:27 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/02/21 07:39:16 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/02/21 07:39:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/02/21 07:30:17 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/02/21 07:30:17 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/02/21 07:30:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/02/21 07:30:17 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,372,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/07/10 23:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997/07/10 23:00:00 | 000,031,232 | ---- | C] () -- C:\Windows\System32\XLREC.DLL
[1997/07/10 23:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\RECNCL.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/06/25 21:09:10 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AT&T
[2010/12/11 10:24:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ATTToolbar
[2008/12/27 19:58:08 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Canon
[2010/05/20 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Costco Photo Organizer
[2010/05/30 09:03:14 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Costco Photo Viewer US
[2011/02/23 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Image Zone Express
[2008/10/13 09:32:22 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\LimeWire
[2008/07/31 13:06:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MSNInstaller
[2008/11/28 19:57:55 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\NCH Swift Sound
[2011/02/22 13:04:05 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Printer Info Cache
[2008/11/17 14:18:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Recordpad
[2008/12/27 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ScanSoft
[2008/09/12 16:14:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\SmartDraw
[2008/07/07 13:41:13 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Snapfish
[2008/08/11 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
[2008/07/08 21:07:18 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinBatch
[2008/11/18 10:44:48 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\acccore
[2009/06/26 07:38:50 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\AT&T
[2009/01/21 11:02:48 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Canon
[2010/05/24 15:36:12 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Costco Photo Organizer
[2010/05/20 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Costco Photo Viewer US
[2008/11/18 09:49:54 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\NCH Swift Sound
[2008/11/18 09:49:52 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Recordpad
[2011/03/08 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Snapfish
[2010/08/09 15:39:22 | 000,000,000 | ---D | M] -- C:\Users\Lauren & Sineca\AppData\Roaming\Template
[2011/03/08 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/03/08 19:40:40 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/09 08:30:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AA3C5D03-265C-4D2F-9F97-272B964147BB}.job
[2011/03/09 08:32:35 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EEF8D868-263D-407E-B401-21B46E05761C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
 
OTL Extras logfile created on: 3/9/2011 8:31:37 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lauren & Sineca\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 325.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.92 Gb Total Space | 47.59 Gb Free Space | 16.47% Space Free | Partition Type: NTFS
Drive D: | 9.17 Gb Total Space | 1.12 Gb Free Space | 12.19% Space Free | Partition Type: NTFS

Computer Name: LARRY-PC | User Name: Lauren & Sineca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31177906-F51F-4A94-BC4C-2736B0B30FF9}" = lport=137 | protocol=17 | dir=in | app=system |
"{3326C752-C47B-4696-8EEB-FDB7C15956C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A74D432-D3F3-4507-9E1C-CFB612992110}" = rport=139 | protocol=6 | dir=out | app=system |
"{532EB5C5-BEA9-4C26-8836-1322551E507B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{5F53F1FB-D0B1-4737-A75B-0D0DB278FDA0}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{643529C6-85E1-4313-BDF2-2CAE271617D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{774B7EE6-513A-4846-8773-16C090AF4ACC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97AAF3E7-D62D-440B-AB04-B5003C682B31}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5FC48CA-F9EC-4CE3-90CA-2C9F4B21D894}" = rport=137 | protocol=17 | dir=out | app=system |
"{C16EFFB1-D270-4168-AF55-C74B3D5D99A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{C1B8E435-71F3-4628-8EDF-EDB09ED127CA}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD99B846-2DB4-4CC4-AD17-BA7D8B7BA06E}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C5842F-9523-443D-BCC9-D29BC7DF181C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0F374204-8555-46AC-B64D-1416F6C90BB8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{17735802-2F6D-4635-B22B-ABCDCC5FF573}" = dir=in | app=c:\program files\cyberlink\tv enhance\tveservice.exe |
"{1D21E4F5-7DFA-4BD9-AFA7-6B205BAC2C7D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1ECC7D8B-0B30-47B0-97E5-8CD458ED1946}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{229ADBD7-93B4-4B46-B502-450F8BFD5D21}" = dir=in | app=c:\program files\cyberlink\tv enhance\tvenhance.exe |
"{2A6BA80D-A070-449B-8F15-8695BD4F175F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{33DCF51E-F81B-4B98-B2CB-BB4D5BD37B9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{362F6F12-14C9-429A-A467-B5F9D0FFC8F7}" = protocol=6 | dir=in | app=c:\program files\mypoints point finder\toolbarupdate.exe |
"{3E838B06-2F52-4654-BA60-3B155E75CD79}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{45265472-6E9D-40B9-BFEF-3F43832940A1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{5E8BE8C2-42E0-49F8-91C3-18E8A00DE634}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6431E17B-A1F1-4EF3-B289-4F9CB6970FBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6945130F-1A14-42B5-8A69-F20BE2CE7AE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{822A9797-A453-444C-A4DB-482AD79BC067}" = protocol=17 | dir=in | app=c:\program files\mypoints point finder\toolbarupdate.exe |
"{8E1CB7A1-20D1-4B12-83B9-0033B23D0BBE}" = protocol=17 | dir=in | app=c:\program files\mypoints point finder\troubleshooter.exe |
"{8FDD9FF6-96D8-4A67-A0B2-B444482D5191}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{98021B7E-4328-401D-9F6B-8BCDE8EAF26D}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A17025AD-3C75-48E7-AB36-A5D1EE620649}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A8AC7D20-5A86-41DB-87C0-DB52ED7AAC19}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{A8C418DB-C5C8-4FC5-85F6-7010501E9237}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{AD71E7EB-A27D-45DA-A564-11EE5E622120}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B5AB27C2-C520-4B24-AD5C-7A6D41B1C482}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D74662A8-D363-40E4-9C17-C1A3F22F9378}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DDA2F7F6-4234-4EE8-859E-C955790010DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF627884-8F0D-4A05-A973-0C855B853386}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E28102C8-4E63-4848-A8C8-69DE8126C183}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EB58E0D2-4ADD-41C2-B2E8-615F6AEE54FF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F4D0D333-B693-45E3-BEFB-30ED6A6D13BC}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{F5E8F9C8-D75E-4D57-B4D7-ACD128155FA5}" = protocol=6 | dir=in | app=c:\program files\mypoints point finder\troubleshooter.exe |
"{FB4239D0-A65F-473A-8539-086DCD2B19EF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{66DD20B8-86B4-420C-A0A0-05C8E6C1E794}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0BBD519-F92A-4907-9485-C460E1F8E6BB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{A8B4A762-510C-4136-8BF0-3E48789B7330}C:\program files\scansoft\paperport\navbrowser.exe" = protocol=6 | dir=in | app=c:\program files\scansoft\paperport\navbrowser.exe |
"UDP Query User{33B11585-A691-4E40-B8FB-D70B43AA8C1A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{76425767-6FAA-4604-9572-A25A0CD481B7}C:\program files\scansoft\paperport\navbrowser.exe" = protocol=17 | dir=in | app=c:\program files\scansoft\paperport\navbrowser.exe |
"UDP Query User{F3039F4B-5CA3-4F05-9652-0171BCE0183B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F2E34E-A7D4-49AF-8D4A-2F6D8760EFAD}" = LightScribe Template Designs - Celebration Pack 1
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788B97E8-D825-419A-8558-1C0B344C5371}" = Costco Photo Organizer
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F2B6338-4C07-49A0-BDF0-AD92E3124A7E}" = Compaq Demo
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84B01A13-F78F-4281-9224-C96FB3530A2C}" = LightScribe Template Designs - Seasonal Pack 1
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = EVGA in D tube Driver
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CDEE9830-92A2-4A65-8ED7-6804C865BA2F}" = ArcSoft PhotoImpression 5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E35A1183-F6D8-4DCA-A111-296AFFA00A5C}" = LightScribe Template Designs - Tattoo Pack 1
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F35FE9BC-FC41-4A22-8545-4FB15E8BCD0C}" = BSL 3.7
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Arthur's Wilderness Rescue" = Arthur's Wilderness Rescue
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"Christmas for Windows Release 7" = Christmas for Windows Release 7
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CreataCard Plus 2" = CreataCard Plus 2
"Digital Binoculars_is1" = Uninstall Digital Binoculars Driver
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImageJ_is1" = ImageJ 1.42q
"InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = EVGA in D tube Driver
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSNINST" = MSN
"MyPoints Point Finder" = MyPoints Point Finder
"Neato MediaFACE" = Neato MediaFACE
"Office8.0" = Microsoft Office 97, Professional Edition
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PaperPort 7.02" = PaperPort 7.02
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"The Print Shop Deluxe" = The Print Shop Deluxe III
"TurboTax 2008" = TurboTax 2008
"TurboTax 2010" = TurboTax 2010
"Ultra WinCleaner 2002_is1" = Ultra WinCleaner 2002 Version 8.0
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1560622230-470757469-4093761788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Consumer Input Software" = Consumer Input Software (remove only)
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Hi,

There maybe a problem with Event Log, lets run this program and see if it fixes it.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
ComboFix 11-03-08.09 - Lauren & Sineca 03/09/2011 9:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.387 [GMT -8:00]
Running from: c:\users\Lauren & Sineca\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Larry\AppData\Roaming\aezxgtcz.dll
c:\windows\system32\jusched.exe
c:\windows\system32\spool\prtprocs\w32x86\Ppbiproc.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-09 18:08 . 2011-03-09 18:08 -------- d-----w- c:\users\Larry\AppData\Local\temp
2011-03-09 18:06 . 2011-03-09 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-09 17:42 . 2011-03-09 17:44 -------- d-----w- C:\32788R22FWJFW
2011-03-08 17:20 . 2011-02-23 17:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2AF07538-FF57-4F31-AF7E-A04C8B997AD5}\mpengine.dll
2011-03-08 15:29 . 2011-03-08 15:29 -------- d-----w- c:\users\Lauren & Sineca\AppData\Roaming\Malwarebytes
2011-03-07 22:21 . 2011-03-07 23:44 -------- d-----w- c:\program files\ERUNT
2011-03-07 17:35 . 2011-03-07 17:35 -------- d-----w- c:\users\Larry\AppData\Roaming\Malwarebytes
2011-03-07 17:33 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 17:33 . 2011-03-07 17:33 -------- d-----w- c:\programdata\Malwarebytes
2011-03-07 17:33 . 2011-03-08 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-07 17:33 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 17:17 . 2011-03-07 22:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-07 17:17 . 2011-03-07 17:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-07 16:53 . 2011-03-08 17:02 -------- d-----w- c:\programdata\jHaJlMl06300
2011-03-05 16:54 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-05 16:50 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-03-05 16:50 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-03-05 16:50 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-03-05 16:50 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-03-05 16:50 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-03-05 16:50 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-03-05 16:50 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-03-05 16:50 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-03-05 16:50 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-03-05 16:50 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-03-05 16:50 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-03-05 16:49 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-03-05 16:49 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-03-05 16:49 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-03-05 16:49 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-03-05 16:49 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-03-05 16:49 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-03-05 16:49 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-03-04 18:21 . 2011-03-04 18:21 -------- d-----w- c:\programdata\lFnDdMo06300
2011-02-23 18:38 . 2011-02-23 18:38 -------- d-----w- c:\users\Larry\AppData\Local\HP
2011-02-23 16:37 . 2011-02-23 16:37 -------- d-----w- c:\users\Lauren & Sineca\AppData\Roaming\HP
2011-02-22 21:04 . 2011-02-23 19:55 -------- d-----w- c:\users\Larry\AppData\Roaming\Image Zone Express
2011-02-22 20:46 . 2011-02-22 20:46 -------- d-----w- c:\programdata\WEBREG
2011-02-22 20:31 . 2011-02-22 20:31 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-02-22 19:49 . 2006-12-16 06:19 675840 ----a-w- c:\windows\system32\SET2F70.tmp
2011-02-22 19:49 . 2006-12-16 06:19 303104 ----a-w- c:\windows\system32\hpovst01.dll
2011-02-22 19:49 . 2006-12-16 06:19 897024 ----a-w- c:\windows\system32\SET3887.tmp
2011-02-22 19:49 . 2006-11-20 21:36 258048 ----a-w- c:\windows\system32\hpzids01.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2009-11-27 00:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 18:27 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 18:27 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-01-19 942080]
"PPWebCap"="c:\program files\ScanSoft\PaperPort\PPWebCap.exe" [2001-10-15 43008]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"Consumer Input Update"="c:\program files\Consumer Input\dca-ua.exe" [2010-05-14 179896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe" [2008-01-09 163840]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2009-1-13 303104]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-4 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-10 111376]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2008-7-7 884838]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-10 51984]
Remote TSR.lnk - c:\program files\inDtube\Utility\RemoteTool\inDtube.exe [2008-2-26 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 136176]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2008-01-09 344159]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2008-01-09 118877]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 20:23]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 20:23]
.
2011-03-09 c:\windows\Tasks\User_Feed_Synchronization-{AA3C5D03-265C-4D2F-9F97-272B964147BB}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
2011-03-09 c:\windows\Tasks\User_Feed_Synchronization-{EEF8D868-263D-407E-B401-21B46E05761C}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
Trusted Zone: motive.com\patttbc.att
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
WebBrowser-{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - c:\program files\MyPoints Point Finder\Toolbar.dll
HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe
HKCU-Run-lphc78sj0ej1h - c:\windows\system32\lphc78sj0ej1h.exe
HKCU-Run-CSmileys - c:\progra~1\Crawler\Smileys\CSmileysIM.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
HKLM-Run-lphc78sj0ej1h - c:\windows\system32\lphc78sj0ej1h.exe
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-09 10:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-09 10:20:39
ComboFix-quarantined-files.txt 2011-03-09 18:20
.
Pre-Run: 52,698,529,792 bytes free
Post-Run: 56,838,262,784 bytes free
.
- - End Of File - - 1BE1A2DB25F86AE6057BEE2E905D4143
 
Looking good but I want to look over your log a bit closer and I still want to check on eventlog, in the meantime run this free online virus scanner

Please run this free online virus scanner from ESET
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
I want to thank you for helping me, I really appreciate it. Yesterday after running spybot, malwarebytes, etc., all of the scans came back clean. Today however, I was starting up the eset scan and I went to look up something on google. I was redirected to a site and almost immediately some "thing" took over my browser window calling itself 'system analysis' and pretending to scan my system and alerting me that my computer was heavily infected. I went to task manager to close it and it ended up closing itself and my eset scan. I then restarted my eset scan and then later I used spybot and malwarebytes to scan again. Malwarebytes found nothing, however spybot listed 6 problems which were called "browser" under the kind column. I clicked for it to fix the problem and then rescanned only to find the same 6 problems. I clicked fix and rescanned a third time and this time it found 1 problem. I wish that I knew how to keep my computer safe from all this, as it is very alarming and frustrating. Anyhow here is my eset log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=51a6957e03435048a0fc8a4fcfd19e0b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-10 01:25:16
# local_time=2011-03-09 05:25:16 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 18480 136313661 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=197908
# found=0
# cleaned=0
# scan_time=14184
 
Good Morning,

freeze.com <-- If you havent done so already remove this program via Programs and Features in the Control Panel.

Lets go back to square one, run DDS and post a fresh log please

Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
 
I believe that freeze.com..whatever it was...is gone.

Here is my DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Lauren & Sineca at 9:49:34.84 on Thu 03/10/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.346 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\inDtube\Utility\RemoteTool\inDtube.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lauren & Sineca\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [PPWebCap] c:\program files\scansoft\paperport\PPWebCap.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\remote~1.lnk - c:\program files\indtube\utility\remotetool\inDtube.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: motive.com\patttbc.att
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-03-09 19:57:41 -------- d-----w- c:\program files\ESET
2011-03-09 18:20:50 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-09 17:44:34 98816 ----a-w- c:\windows\sed.exe
2011-03-09 17:44:34 89088 ----a-w- c:\windows\MBR.exe
2011-03-09 17:44:34 256512 ----a-w- c:\windows\PEV.exe
2011-03-09 17:44:34 161792 ----a-w- c:\windows\SWREG.exe
2011-03-09 15:27:29 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 15:27:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 15:27:28 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 15:27:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 15:27:26 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 15:27:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 17:20:52 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2af07538-ff57-4f31-af7e-a04c8b997ad5}\mpengine.dll
2011-03-08 15:29:15 -------- d-----w- c:\users\lauren~1\appdata\roaming\Malwarebytes
2011-03-07 17:33:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 17:33:18 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-07 17:33:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 17:33:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-07 17:17:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-07 17:17:43 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-07 16:53:38 -------- d-----w- c:\progra~2\jHaJlMl06300
2011-03-05 16:54:59 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-05 16:50:43 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-03-05 16:50:42 40448 ----a-w- c:\windows\system32\winrs.exe
2011-03-05 16:50:42 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-03-05 16:50:32 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-03-05 16:50:22 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-03-05 16:50:22 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-03-05 16:50:22 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-03-05 16:50:22 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-03-05 16:50:22 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-03-05 16:50:22 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-03-05 16:49:49 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-03-05 16:49:44 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-03-05 16:49:43 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-03-05 16:49:43 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-03-05 16:49:43 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-03-05 16:49:43 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-03-05 16:49:42 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-03-04 18:21:05 -------- d-----w- c:\progra~2\lFnDdMo06300
2011-02-22 20:46:04 -------- d-----w- c:\progra~2\WEBREG
2011-02-22 20:31:35 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-02-22 19:49:09 897024 ----a-w- c:\windows\system32\SET3887.tmp
2011-02-22 19:49:09 675840 ----a-w- c:\windows\system32\SET2F70.tmp
2011-02-22 19:49:09 303104 ----a-w- c:\windows\system32\hpovst01.dll
2011-02-22 19:49:09 258048 ----a-w- c:\windows\system32\hpzids01.dll
.
==================== Find3M ====================
.
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
============= FINISH: 9:52:40.33 ===============
 
Hey,

You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again


c:\windows\system32\SET3887.tmp<--This file


If the site is busy you can try this one
http://virusscan.jotti.org/en



Run Malwarebytes again, make sure you check for updates first , remove what it finds and post the log
 
Hey,
I hope this is what you meant by the virus total report:

File name: SET3887.tmp
Submission date: 2011-03-10 20:28:23 (UTC)
Current status: queued (#1) queued (#1) analysing finished


Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.03.11.00 2011.03.10 -
AntiVir 7.11.4.163 2011.03.10 -
Antiy-AVL 2.0.3.7 2011.03.09 -
Avast 4.8.1351.0 2011.03.10 -
Avast5 5.0.677.0 2011.03.10 -
AVG 10.0.0.1190 2011.03.10 -
BitDefender 7.2 2011.03.10 -
CAT-QuickHeal 11.00 2011.03.10 -
ClamAV 0.96.4.0 2011.03.10 -
Commtouch 5.2.11.5 2011.03.10 -
Comodo 7934 2011.03.10 -
DrWeb 5.0.2.03300 2011.03.10 -
Emsisoft 5.1.0.2 2011.03.10 -
eSafe 7.0.17.0 2011.03.10 -
eTrust-Vet 36.1.8209 2011.03.10 -
F-Prot 4.6.2.117 2011.03.10 -
F-Secure 9.0.16440.0 2011.03.10 -
Fortinet 4.2.254.0 2011.03.10 -
GData 21 2011.03.10 -
Ikarus T3.1.1.97.0 2011.03.10 -
Jiangmin 13.0.900 2011.03.10 -
K7AntiVirus 9.92.4076 2011.03.10 -
Kaspersky 7.0.0.125 2011.03.10 -
McAfee 5.400.0.1158 2011.03.10 -
McAfee-GW-Edition 2010.1C 2011.03.10 -
Microsoft 1.6603 2011.03.10 -
NOD32 5943 2011.03.10 -
Norman 6.07.03 2011.03.10 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.10 -
PCTools 7.0.3.5 2011.03.10 -
Prevx 3.0 2011.03.10 -
Rising 23.48.03.05 2011.03.10 -
Sophos 4.63.0 2011.03.10 -
SUPERAntiSpyware 4.40.0.1006 2011.03.10 -
Symantec 20101.3.0.103 2011.03.10 -
TheHacker 6.7.0.1.147 2011.03.10 -
TrendMicro 9.200.0.1012 2011.03.10 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.10 -
VBA32 3.12.14.3 2011.03.10 -
VIPRE 8660 2011.03.10 -
ViRobot 2011.3.10.4351 2011.03.10 -
VirusBuster 13.6.245.0 2011.03.10 -
Additional informationShow all
MD5 : 5fb27e238d980103c50edec26f10403a
SHA1 : 3c7c30d7bde5503628ac7ecff9093d502f49dddf
SHA256: 901a00ee5c7063279e3d7ac50dafa729d393db0d0df9fdcbe7f2eeb4ed5935c3
ssdeep: 12288:BpqnrYGei0xQGmN75Nw9UPcPAEi2oxa8pTJ0eGHkel3xaPYe33dG4ubcjdqijq:2nrELy
NkKzEi2oxFpT8l354ubEdqij
File size : 897024 bytes
First seen: 2010-01-28 13:28:41
Last seen : 2011-03-10 20:28:23
TrID:
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
sigcheck:
publisher....: Hewlett-Packard Co.
copyright....: Copyright (C) Hewlett-Packard Co. 1995-2005
product......: hp digital imaging - hp all-in-one series
description..: HP AiO Scan Driver - hpotiop1
original name: hpotiop1.DLL
internal name: hpotiop1
file version.: 82.0.175.000
comments.....: HP AiO Scan Driver - hpotiop1
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x5FAEB
timedatestamp....: 0x457FA1EE (Wed Dec 13 06:47:10 2006)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x8C9B9, 0x8D000, 6.70, ac0b3ddea0ef9a4584aceb713f6b32f1
.rdata, 0x8E000, 0x301A5, 0x31000, 5.58, baac8b7a150a27796d96b654371b8e59
.data, 0xBF000, 0x101C4, 0x6000, 4.67, 1d15b33cc0a2c88882486f6371bccdf9
TulipLog, 0xD0000, 0x8, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0xD1000, 0x643C, 0x7000, 4.70, 3da9571728ac2c5f960dabc031411601
.reloc, 0xD8000, 0xDDAE, 0xE000, 6.30, a9451ededd33c03d6a878c926300b08c

[[ 8 import(s) ]]
SETUPAPI.dll: SetupDiOpenClassRegKey
KERNEL32.dll: lstrcmpiA, GetModuleFileNameA, DisableThreadLibraryCalls, IsDBCSLeadByte, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, GetModuleHandleA, CreateSemaphoreA, GetCurrentProcessId, WaitForSingleObject, ReleaseSemaphore, CloseHandle, GetCurrentThreadId, GetTempPathA, GetProcAddress, LoadLibraryA, InterlockedExchangeAdd, GetTickCount, OutputDebugStringA, InterlockedExchange, GetVersionExA, lstrlenA, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, SetThreadPriority, CreateThread, CreateMutexA, ReleaseMutex, CreateEventA, WaitForMultipleObjects, FindNextChangeNotification, ResetEvent, SetEvent, GetOverlappedResult, GetThreadLocale, SetEnvironmentVariableA, InterlockedDecrement, InterlockedIncrement, GetLastError, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, lstrlenW, WideCharToMultiByte, MultiByteToWideChar, GetCPInfo, CreateFileW, CompareStringW, CompareStringA, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, ReadFile, HeapSize, SetLastError, GetStdHandle, WriteFile, HeapCreate, HeapDestroy, VirtualFree, GetConsoleMode, IsValidCodePage, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetStringTypeW, GetStringTypeA, GetLocaleInfoW, GetLocaleInfoA, CreateFileA, SetStdHandle, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, SetFilePointer, FlushFileBuffers, GetConsoleCP, GetStartupInfoA, GetFileType, SetHandleCount, GetTimeZoneInformation, LCMapStringW, LCMapStringA, GetOEMCP, HeapAlloc, HeapFree, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, RtlUnwind, HeapReAlloc, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, GetProcessHeap, ExitProcess, SetConsoleCtrlHandler, GetACP
USER32.dll: wsprintfA, CharNextA, UnregisterClassA
ADVAPI32.dll: RegEnumKeyA, RegOpenKeyA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegQueryValueExA, RegEnumKeyExA, RegQueryInfoKeyA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA
ole32.dll: CoTaskMemFree, StringFromGUID2, CoCreateInstance, StringFromIID, CoTaskMemAlloc, CoTaskMemRealloc
OLEAUT32.dll: -, -, -, -, -, -, -, -
RPCRT4.dll: UuidCreate
WS2_32.dll: WSAEventSelect, WSACloseEvent, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

[[ 4 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
 
Does it matter what user account I scan with malwarebytes? Also, after I scan malwarebytes should I go back and hide my temp files and operating system files?
 
The Virus Total Report was just fine, you did well and that file is ok.

Malwarebytes will scan your entire system so just log on to your usual account

Yes you can go ahead and redhide system files
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6012

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/10/2011 3:49:18 PM
mbam-log-2011-03-10 (15-49-18).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 354703
Time elapsed: 1 hour(s), 7 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
I just want to also say a random note that after I finished running malwarebytes which came back clean, I went ahead and ran spybot just cause, and it found 2 problems (casalemedia and doubleclick) which are listed as browser under the kind column. I saw these in my previous spybot scan, but apparently they didn't get fixed yet.
 
You must log in or register to reply here.
Back
Top