olsoncol Posted September 26, 2012 ID:601560

Hey,
I have recently been infected with this Snap.do search on my browsers (Chrome and IE). I have researched and decided to uninstall. I then "removed" from Chrome search options. But unfortunately it still exists on both browsers. I then came across your forum. I have downloaded the free software and done a scan. It still exists. I then downloaded as asked the dds.com file and ran it without internet. So here I am.
Please help.
Colin
DDS.txt Attach.txt

Maurice Naggar Posted September 27, 2012 ID:601844 (edited)

Hello olsoncol and welcome to MalwareBytes forums.

Please do NOT attach logs/reports from this point forward. Always copy/paste directly into main-body of reply box.

As there are very recent security concerns regarding Java runtime, I would advise you uninstall Java from your system using Control Panel >> Programs and Features

Uninstall
Java Auto Updater
Java 6 Update 31
Java 7 Update 5
JavaFX 2.1.1

FYI: As reported on Networkworld, on Tuesday this week (and elsewhere)

Today on Full Disclosure mailing list, the Polish security firm Security Explorations announced another new critical Java flaw. This one is worse than the last Java zero-day since it affects all operating systems (Windows, Linux, Solaris, MacOS) that use Java 5, 6 or 7. The Java plugin can be exploited in Chrome, Firefox, IE, Safari and Opera browsers. One billion users are at risk, the security researchers warned.
https://www.networkworld.com/community/blog/time-disable-java-again-1-billion-risk-newest-critical-java-bug

Step 2
Uninstall BitTorrent & any other 'torrent utility or filesharing app
Risks of File-Sharing Technology.
P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:
If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
http://forums.malwarebytes.org/index.php?showtopic=97700

Confirm for me that they have been removed.

Step 3
1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT by doing a Right-Click on it & select Run As Administrator
4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 4
Show all files:
Click the Start button, and then click Computer.
On the Organize menu, click Folder and Search Options.
Click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders.
Click Apply > OK.

Step 5
Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on Scan button at upper right of screen.
Wait until the Status box shows "Scan Finished"
Click on Report and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Do NOT press any Fix button.
Exit/Close RogueKiller

Step 6
Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.
If you are running Windows XP, double click adwcleaner.exe to start it.
Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this should be something like R1.

Edited September 27, 2012 by Maurice Naggar

Maurice Naggar Posted October 1, 2012 ID:602963

How is it going? Do you still need help? Do let me know.
I close my topics if there's been 4 days without a response.

olsoncol Posted October 1, 2012 Author ID:603021

In the process of doing things. Here is the first report. More to follow.
RogueKiller V8.1.0 [09/28/2012] by Tigzy
RKreport[1].txt

olsoncol Posted October 1, 2012 Author ID:603022

# AdwCleaner v2.003 - Logfile created 10/01/2012 at 09:24:33

olsoncol Posted October 1, 2012 Author ID:603023

That should be everything. I hope it works.

Maurice Naggar Posted October 1, 2012 ID:603032

These steps are for olsoncol only. If you are a casual viewer, do NOT try this on your system!
If you are not olsoncol and have a similar problem, do NOT post here; start your own topic
The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for offline reference!
If you have a prior copy of Combofix, delete it now!
If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power or UPS system)

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

2. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
DDS::
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=ds&q={searchTerms}
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=ds&q={searchTerms}
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=hp&exp=true
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=ds&q={searchTerms}
File::
C:\Windows\system32\conduitEngine.tmp
Folder::
C:\Users\Collin\AppData\Local\Conduit
C:\Users\Collin\AppData\LocalLow\Conduit
C:\Users\Collin\AppData\LocalLow\PriceGong
C:\Users\Collin\AppData\Roaming\OpenCandy

Save this as CFScript.txt, in the same location as ComboFix.exe
Close Notepad.

3. Close any (all) open browsers.

4: Referring to the picture above, drag CFScript into ComboFix.exe
Look for some initial prompts: Accept the EULA and allow to Run
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.
-------------------------------------------------------
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:
[1] IF after Combofix reboot you get the message Illegal operation attempted on registry key that has been marked for deletion....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.
[2] Do not mouseclick combofix's window nor run any program while Combofix is running. That may cause it to stall.
[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh!

Reply & Copy/Paste the C:\Combofix.txt log and tell me, How is the system now?
RE-Enable your AntiVirus and AntiSpyware applications.

olsoncol Posted October 2, 2012 Author ID:603164

Still have snap.do on both browsers.
ComboFix 12-09-30.03 - Collin 10/01/2012 18:17:06.1.2 - x86
files\Common Files\LightScribe\LSSrvc.exec:\program files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exec:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exec:\program files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exec:\program files\CyberLink\Shared Files\RichVideo.exec:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exec:\windows\system32\DRIVERS\xaudio.exec:\program files\Hewlett-Packard\Shared\hpqwmiex.exec:\program files\HP\QuickPlay\Kernel\TV\QPSched.exec:\windows\system32\DllHost.exec:\windows\System32\rundll32.exec:\program files\Hewlett-Packard\Shared\HpqToaster.exec:\windows\ehome\ehmsas.exec:\program files\iPod\bin\iPodService.exec:\program files\Hewlett-Packard\HP Health Check\hphc_service.exec:\windows\servicing\TrustedInstaller.exe.**************************************************************************.Completion time: 2012-10-01 18:50:52 - machine was rebootedComboFix-quarantined-files.txt 2012-10-02 01:50.Pre-Run: 19,373,211,648 bytes freePost-Run: 24,390,918,144 bytes free.- - End Of File - - 7BF099995E28628099E50B65F74E90CA Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 2, 2012 ID:603242

For Internet Explorer:
Using IE (only!), go to http://support.microsoft.com/kb/923737 [ignore any DOES NOT APPLY warning as well as the APPLIES TO section], run the Fix It and then reboot.
Tip: For optimal results, enable the Delete personal settings option.

Also, in IE, Internet Options
a) Delete all temporary internet files
b) Delete all cookies

And, using Internet Explorer browser, run the Microsoft Fix-It on the following MS page:
http://support.microsoft.com/mats/ie_performance_and_safety

For Chrome browser:
Press & hold SHIFT+CTRL+Del keys to get menu for clearing browsing data:
Check Empty the cache
Delete cookies and other site and plug-in data
and press Clear browsing data button

Still in Chrome, press ALT+F then Settings
Click Extensions on the left.
Closely review the browser extensions that are listed. Disable any that you are not familiar with or that you do not trust.

NEXT
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
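An added example, not part of any post in this thread: the Chrome review step above can be backed by a check of the profile's Preferences file (JSON) for settings whose URL host is still snap.do. The sample preferences and their key names are constructed for illustration; the walker is key-agnostic, so it does not depend on them.

```python
"""Find settings in a Chrome "Preferences" JSON file that still point at a hijacker host."""
import json
import re
import sys
from urllib.parse import urlsplit

# Host named in the thread. Subdomains are matched as well.
INDICATOR_HOSTS = ("snap.do",)

URL_RE = re.compile(r"[a-z][a-z0-9+.-]*://[^\s\"'<>]+", re.IGNORECASE)


def hosts_in(value):
    """Return the set of hostnames found in one preference string."""
    # Prefer explicit URLs; otherwise treat the whole string as a bare host.
    candidates = URL_RE.findall(value) or ["//" + value.strip()]
    hosts = set()
    for candidate in candidates:
        try:
            host = urlsplit(candidate).hostname
        except ValueError:  # malformed authority, e.g. an unbalanced "["
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def is_indicator_host(host, indicators=INDICATOR_HOSTS):
    """Match the indicator itself or any subdomain, never a look-alike suffix."""
    host = host.lower().rstrip(".")
    return any(host == ind or host.endswith("." + ind) for ind in indicators)


def walk(node, path=""):
    """Yield (json_path, string_value) for every string in nested dicts/lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def find_hijack_entries(prefs, indicators=INDICATOR_HOSTS):
    """Return [(json_path, value)] for settings whose URL host is an indicator."""
    return [
        (path, value)
        for path, value in walk(prefs)
        if any(is_indicator_host(h, indicators) for h in hosts_in(value))
    ]


def scan_file(path):
    """Scan a Preferences file on disk."""
    with open(path, encoding="utf-8") as handle:
        return find_hijack_entries(json.load(handle))


# Constructed sample, not taken from the poster's machine. Key names are illustrative.
SAMPLE_PREFS = {
    "homepage": "http://snap.do/",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://snap.do/", "https://www.example.org/"],
    },
    "default_search_provider": {
        "name": "Example Search",
        "search_url": "http://www.snap.do/?q={searchTerms}",
    },
    # Indicator appears only in the path: must not be reported.
    "note": "http://example.com/docs/snap.do",
    "extensions": {
        "settings": {
            "aaaabbbbccccddddeeeeffffgggghhhh": {
                # Look-alike host: must not be reported.
                "manifest": {"name": "Constructed Toolbar",
                             "homepage_url": "http://snap.door.example/"}
            }
        }
    },
}

if __name__ == "__main__":
    # Usage: python scan_prefs.py <path to the profile's Preferences file>
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_hijack_entries(SAMPLE_PREFS)
    for json_path, value in hits:
        print(f"{json_path}: {value}")
    sys.exit(1 if hits else 0)
```

Each reported path names the setting to reset in Chrome's Settings page; an empty result means no string setting in that profile points at the host.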
olsoncol Posted October 4, 2012 Author ID:603815

Chrome still has the snap.do tab opening. IE does not anymore.

info.txt logfile of random's system information tool 1.09 2012-10-04 07:24:18
COLIN\CollinComputer Name: ColinEvent Code: 4376Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Install Requested(Install Requested) stateRecord Number: 192039Source Name: Microsoft-Windows-ServicingTime Written: 20111212235555.000000-000Event Type: WarningUser: COLIN\CollinComputer Name: ColinEvent Code: 4376Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Install Requested(Install Requested) stateRecord Number: 192035Source Name: Microsoft-Windows-ServicingTime Written: 20111212235555.000000-000Event Type: WarningUser: COLIN\Collin=====Application event log=====Computer Name: ColinEvent Code: 510Message: Windows (2932) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 105611264 (0x00000000064b8000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (10490 seconds) to be serviced by the OS. In addition, 2 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 11544 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.Record Number: 39999Source Name: ESENTTime Written: 20111116003840.000000-000Event Type: WarningUser: Computer Name: ColinEvent Code: 508Message: Windows (2932) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log" at offset 69120 (0x0000000000010e00) for 33280 (0x00008200) bytes succeeded, but took an abnormally long time (5255 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. 
Please contact your hardware vendor for further assistance diagnosing the problem.Record Number: 39998Source Name: ESENTTime Written: 20111115212616.000000-000Event Type: WarningUser: Computer Name: ColinEvent Code: 507Message: Windows (2932) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 62472192 (0x0000000003b94000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (5255 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.Record Number: 39997Source Name: ESENTTime Written: 20111115212615.000000-000Event Type: WarningUser: Computer Name: ColinEvent Code: 10Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.Record Number: 39983Source Name: Microsoft-Windows-WMITime Written: 20111115183835.000000-000Event Type: ErrorUser: Computer Name: ColinEvent Code: 10Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected.Record Number: 39917Source Name: Microsoft-Windows-WMITime Written: 20111114005541.000000-000Event Type: ErrorUser: =====Security event log=====Computer Name: ColinEvent Code: 4905Message: An attempt was made to unregister a security event source.SubjectSecurity ID: S-1-5-18Account Name: COLIN$Account Domain: FRANZLogon ID: 0x3e7Process:Process ID: 0x14dcProcess Name: C:\Windows\System32\VSSVC.exeEvent Source:Source Name: VSSAuditEvent Source ID: 0x3df9fd8Record Number: 13317Source Name: Microsoft-Windows-Security-AuditingTime Written: 20100128212159.282100-000Event Type: Audit SuccessUser: Computer Name: ColinEvent Code: 4904Message: An attempt was made to register a security event source.Subject :Security ID: S-1-5-18Account Name: COLIN$Account Domain: FRANZLogon ID: 0x3e7Process:Process ID: 0x14dcProcess Name: C:\Windows\System32\VSSVC.exeEvent Source:Source Name: VSSAuditEvent Source ID: 0x3df9fd8Record Number: 13316Source Name: Microsoft-Windows-Security-AuditingTime Written: 20100128212159.282100-000Event Type: Audit SuccessUser: Computer Name: ColinEvent Code: 4672Message: Special privileges assigned to new logon.Subject:Security ID: S-1-5-18Account Name: SYSTEMAccount Domain: NT AUTHORITYLogon ID: 0x3e7Privileges: SeAssignPrimaryTokenPrivilegeSeTcbPrivilegeSeSecurityPrivilegeSeTakeOwnershipPrivilegeSeLoadDriverPrivilegeSeBackupPrivilegeSeRestorePrivilegeSeDebugPrivilegeSeAuditPrivilegeSeSystemEnvironmentPrivilegeSeImpersonatePrivilegeRecord Number: 13315Source Name: Microsoft-Windows-Security-AuditingTime Written: 20100128212035.244900-000Event Type: Audit SuccessUser: Computer Name: ColinEvent Code: 4624Message: An account was successfully logged on.Subject:Security ID: S-1-5-18Account Name: COLIN$Account Domain: FRANZLogon ID: 0x3e7Logon Type: 5New Logon:Security ID: S-1-5-18Account Name: SYSTEMAccount Domain: NT AUTHORITYLogon ID: 0x3e7Logon GUID: 
{00000000-0000-0000-0000-000000000000}Process Information:Process ID: 0x2a0Process Name: C:\Windows\System32\services.exeNetwork Information:Workstation Name: Source Network Address: -Source Port: -Detailed Authentication Information:Logon Process: Advapi Authentication Package: NegotiateTransited Services: -Package Name (NTLM only): -Key Length: 0This event is generated when a logon session is created. It is generated on the computer that was accessed.The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.The authentication information fields provide detailed information about this specific logon request.- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.- Transited services indicate which intermediate services have participated in this logon request.- Package name indicates which sub-protocol was used among the NTLM protocols.- Key length indicates the length of the generated session key. 
Logfile of random's system information tool 1.09 (written by random/random)
Run by Collin at 2012-10-04 07:23:48
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 19 GB (14%) free of 141 GB
Total RAM: 3006 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:24:12 AM, on 10/4/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [2011-03-30 516216]R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-10-19 126584]R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]R3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-09 176640]S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]S3 motandroidusb;Mot ADB Interface Driver; C:\Windows\System32\Drivers\motoandroid.sys [2009-07-10 25856]S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]S3 MotDev;Motorola Inc. 
USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]S3 MotoSwitchService;MotoSwitch Service; C:\Windows\system32\DRIVERS\motswch.sys [2007-11-02 6400]S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]S3 MusCAudio;MusCAudio; C:\Windows\system32\drivers\MusCAudio.sys [2010-09-11 23608]S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-10 15872]S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-07-09 44032]S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe 
[2008-01-20 21504]R2 dlbc_device;dlbc_device; C:\Windows\system32\dlbccoms.exe [2007-03-01 538096]R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]R2 N360;Norton Business Suite; C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-16 130008]R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504]R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504]R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 821648]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]S2 QPSched;QuickPlay Task Scheduler (QTS); 
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 250288]S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-04-16 246520]S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2009-02-19 3220856]S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2009-02-19 238968]-----------------EOF-----------------Thanks for your help so far. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 4, 2012 ID:603888

I see a utility Trojan Remover {trojan scanner} in your startup programs.
The bona fides of that utility is unknown to me. If you did not buy it, please Uninstall it & then restart the system.

2
Download TFC by OldTimer and SAVE it to your desktop.
Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

3
Next, do this:
1. Open Internet Explorer.
2. Click "Tools," and then click "Internet Options."
3. Click "Connections," and then click "LAN Settings."
4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.
5. Make sure Proxy servers block is not selected (not checkmarked).
6. Apply changes & OK

4
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.
Next, click the Update tab. Press the "Check for Updates" button. If prompted for a Restart, do that.
When done, click the Scanner tab.
Do a Quick Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the latest MBAM scan log in a new reply, for my review.

5
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

6
Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

7
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.
Copy & Paste the contents of OTL.txt + Extras.txt into a new reply.
olsoncol Posted October 4, 2012 Author ID:603920

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.04.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Collin :: COLIN [administrator]

Protection: Disabled

10/4/2012 11:46:14 AM
mbam-log-2012-10-04 (11-46-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208373
Time elapsed: 9 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Collin\Downloads\FlvPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)
olsoncol Posted October 4, 2012 Author ID:603924

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Business Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Adobe Flash Player 11.4.402.278
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
olsoncol Posted October 4, 2012 Author ID:603927

Farbar Service Scanner Version: 19-09-2012
Ran by Collin (administrator) on 04-10-2012 at 12:49:34
Running from "C:\Users\Collin\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
olsoncol Posted October 4, 2012 Author ID:603935

OTL logfile created on: 10/4/2012 12:53:29 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Collin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.32% Memory free
6.08 Gb Paging File | 5.04 Gb Available in Paging File | 82.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.28 Gb Total Space | 17.93 Gb Free Space | 13.06% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 1.99 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: COLIN | User Name: Collin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/04 12:51:03 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Collin\Downloads\OTL.exe
PRC - [2012/09/16 14:46:15 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/03/01 16:52:04 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/12/19 19:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

========== Services (SafeList) ==========

SRV - [2012/09/26 19:37:30 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2009/02/19 13:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/02/19 13:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/03/01 16:52:04 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/26 16:24:50 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121004.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/26 16:24:49 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121004.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/25 15:37:04 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121003.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/09/19 22:28:58 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/09 07:12:16 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 07:12:16 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/19 10:49:15 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 18:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/04/04 15:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2010/09/11 08:04:34 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MusCAudio.sys -- (MusCAudio)
DRV - [2009/07/10 14:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/05/08 12:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/12/04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/06 13:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 15:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 19:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 14:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E}
IE - HKLM\..\SearchScopes\{3925FC94-8FDF-4529-82E1-B1E9CBBB30D1}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{C36CE9A6-1529-404B-B2A2-1F95AEF0F71F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51210

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Collin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Collin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/01 07:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/09/26 17:09:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/10/04 12:30:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/01 07:55:52 | 000,000,000 | ---D | M]
[2011/12/20 10:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/08 10:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla 
Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}[2007/08/24 19:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll[2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll[2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll[2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll[2008/01/07 17:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll[2011/01/18 18:23:39 | 001,286,144 | ---- | M] (Cartesian Products, Inc. For more information, visit http://www.cartesianinc.com) -- C:\Program Files\mozilla firefox\plugins\NPCPC32.dll[2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll[2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll[2011/09/29 16:58:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old========== Chrome ==========CHR - homepage: http://www.yahoo.com/CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},CHR - homepage: http://www.yahoo.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dllCHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dllCHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dllCHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dllCHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dllCHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dllCHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllCHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dllCHR - Extension: YouTube = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Adblock Plus (Beta) = C:\Users\Collin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\CHR - Extension: Google Search = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Google Calendar = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\CHR - Extension: Isoball 3 = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\CHR - Extension: Google Play Music = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\CHR - Extension: Autodesk Homestyler = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\CHR - Extension: Google Maps = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\CHR - Extension: Gmail = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/10/01 18:39:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA 
Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not foundO9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Unable to open value key)O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab (ZPA_DMNO Object)O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Unable to open value key)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key)O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab 
(Reg Error: Unable to open value key)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Unable to open value key)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8135E2CF-7040-4017-A442-4F0357762DA7}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O24 - Desktop WallPaper: C:\Users\Collin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO24 - Desktop BackupWallPaper: C:\Users\Collin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2008/03/10 11:27:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)========== Files/Folders - Created Within 30 Days ==========[2012/10/04 07:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro[2012/10/04 07:23:48 | 000,000,000 | ---D | C] -- C:\rsit[2012/10/01 19:34:47 | 000,000,000 | ---D | C] -- C:\N360_BACKUP[2012/10/01 18:50:57 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/10/01 18:39:52 | 
000,000,000 | ---D | C] -- C:\$RECYCLE.BIN[2012/10/01 18:35:53 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\temp[2012/10/01 18:10:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/10/01 18:10:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/10/01 18:10:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/10/01 17:57:58 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/10/01 17:51:30 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\Avg2013[2012/10/01 17:38:45 | 004,759,381 | R--- | C] (Swearware) -- C:\Users\Collin\Desktop\ComboFix.exe[2012/10/01 09:17:48 | 000,000,000 | ---D | C] -- C:\Users\Collin\Desktop\RK_Quarantine[2012/10/01 09:13:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/10/01 09:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT[2012/10/01 09:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT[2012/09/27 12:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender[2012/09/27 08:14:45 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\TuneUp Software[2012/09/27 08:01:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files[2012/09/27 08:01:35 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\MFAData[2012/09/27 08:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData[2012/09/27 07:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP[2012/09/27 03:02:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb[2012/09/27 03:02:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll[2012/09/27 03:02:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe[2012/09/27 03:02:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll[2012/09/27 03:02:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll[2012/09/27 03:02:26 | 001,800,704 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll[2012/09/27 03:02:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll[2012/09/27 03:02:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl[2012/09/26 20:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2012/09/26 20:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2012/09/26 20:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2012/09/26 20:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update[2012/09/26 09:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(362)[2012/09/25 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\doubleTwist 2.0[2012/09/25 10:04:08 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\AirParrot[2012/09/25 09:56:54 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\BitTorrent[2012/09/22 17:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMall[2012/09/22 17:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall[2012/09/19 13:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(360)[2012/09/19 13:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(361)[2012/09/19 13:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1[2012/09/05 09:48:04 | 000,000,000 | --SD | C] -- C:\Users\Collin\Google Drive[2012/09/05 09:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive[2012/09/04 16:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack[2012/09/04 16:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack[2012/09/04 15:58:12 | 000,000,000 | ---D | C] -- C:\Upload[2012/09/04 15:53:21 | 000,000,000 | ---D | C] -- C:\AllShare Play========== Files - Modified Within 30 Days ==========[2012/10/04 12:52:02 | 000,000,886 | ---- 
| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/10/04 12:36:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/10/04 12:31:56 | 000,103,550 | ---- | M] () -- C:\ProgramData\nvModes.001[2012/10/04 12:30:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/10/04 12:30:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2012/10/04 12:30:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2012/10/04 12:29:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/10/04 12:28:40 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat[2012/10/04 12:05:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000UA.job[2012/10/04 11:37:09 | 000,103,550 | ---- | M] () -- C:\ProgramData\nvModes.dat[2012/10/04 11:15:09 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job[2012/10/03 20:23:37 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000Core.job[2012/10/01 20:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Collin.job[2012/10/01 18:39:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts[2012/10/01 17:39:01 | 004,759,381 | R--- | M] (Swearware) -- C:\Users\Collin\Desktop\ComboFix.exe[2012/09/27 08:21:21 | 000,002,009 | ---- | M] () -- C:\Users\Collin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2012/09/26 20:23:25 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/09/26 19:37:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe[2012/09/26 19:37:26 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\System32\FlashPlayerCPLApp.cpl[2012/09/26 16:39:58 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2012/09/26 16:39:58 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2012/09/18 09:53:12 | 000,002,627 | ---- | M] () -- C:\Users\Collin\Desktop\Microsoft Office Word 2007.lnk[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2012/09/05 21:42:30 | 002,709,771 | ---- | M] () -- C:\Users\Collin\Desktop\ash canon 2012 part 2 163 (2).jpg[2012/09/04 13:18:17 | 000,107,520 | ---- | M] () -- C:\Users\Collin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini========== Files Created - No Company Name ==========[2049/12/31 16:00:00 | 000,064,385 | ---- | C] () -- C:\Users\Collin\Documents\image014.jpg[2012/10/01 18:10:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/10/01 18:10:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/10/01 18:10:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/10/01 18:10:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/10/01 18:10:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/09/26 20:23:24 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2012/09/26 20:12:51 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk[2012/09/05 21:42:36 | 002,709,771 | ---- | C] () -- C:\Users\Collin\Desktop\ash canon 2012 part 2 163 (2).jpg[2012/09/04 16:02:44 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll[2012/03/23 17:56:17 | 000,000,011 | ---- | C] () -- 
C:\ProgramData\.tv7[2011/12/01 10:49:29 | 000,000,000 | ---- | C] () -- C:\Users\Collin\AppData\Local\{3CD2CB79-F946-46D8-802D-750142418466}[2011/08/21 07:28:18 | 000,000,772 | ---- | C] () -- C:\Users\Collin\BitTorrent.lnk[2011/08/16 19:09:28 | 000,001,928 | ---- | C] () -- C:\Users\Collin\Launch iRemote.exe.lnk[2011/08/16 18:42:22 | 000,000,840 | ---- | C] () -- C:\Users\Collin\GmoteServer.lnk[2011/05/26 20:09:19 | 000,000,000 | ---- | C] () -- C:\Users\Collin\AppData\Local\{E4385BC2-843A-43B3-A587-D1234CCD2EC7}[2011/05/19 20:15:10 | 000,001,940 | ---- | C] () -- C:\Users\Collin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini[2010/12/28 11:46:15 | 000,001,600 | ---- | C] () -- C:\Users\Collin\Tunatic.lnk[2010/04/02 09:44:50 | 000,024,206 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\UserTile.png[2010/04/02 09:27:22 | 000,002,270 | ---- | C] () -- C:\Users\Collin\Norton Business Suite.lnk[2010/04/02 09:24:45 | 000,000,940 | ---- | C] () -- C:\Users\Collin\Norton Installation Files.lnk[2009/07/22 15:55:16 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat[2009/06/05 01:02:47 | 000,000,680 | ---- | C] () -- C:\Users\Collin\AppData\Local\d3d9caps.dat[2009/02/22 04:03:12 | 000,103,550 | ---- | C] () -- C:\ProgramData\nvModes.dat[2009/02/22 04:03:12 | 000,103,550 | ---- | C] () -- C:\ProgramData\nvModes.001[2008/08/27 11:17:08 | 000,001,402 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\wklnhst.dat[2008/06/07 14:51:50 | 000,000,935 | ---- | C] () -- C:\Users\Collin\DivX Player.lnk[2008/06/07 14:51:36 | 000,000,946 | ---- | C] () -- C:\Users\Collin\DivX Converter.lnk[2008/04/25 15:00:38 | 000,000,751 | ---- | C] () -- C:\Users\Collin\Windows Mobile Device Center.lnk[2008/04/25 14:36:58 | 000,002,335 | ---- | C] () -- C:\Users\Collin\Windows Mobile® Device Handbook.lnk[2008/04/18 13:04:34 | 000,027,430 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\nvModes.001[2008/04/17 22:02:09 | 000,107,520 | ---- | C] () -- 
C:\Users\Collin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2008/04/17 21:29:06 | 000,027,430 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\nvModes.dat========== ZeroAccess Check ==========[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both========== LOP Check ==========[2012/08/14 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Amazon[2012/10/01 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\BitTorrent[2010/04/11 22:15:46 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Canon[2011/06/02 19:31:01 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\com.amazon.music.uploader[2011/12/20 12:27:46 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Dolphin3D Web Browser[2010/08/04 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\DriverCure[2011/12/14 12:51:25 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Dropbox[2010/11/03 13:41:14 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\DVDVideoSoftIEHelpers[2011/12/26 
10:50:15 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Fiabee[2010/03/24 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\GARMIN[2012/06/01 07:55:38 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Gmote[2011/01/18 18:24:37 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\ICAClient[2011/08/16 19:17:40 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\iRemote for iTunes[2010/03/28 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\MyPublisher[2012/09/25 10:31:32 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\OpenCandy[2011/12/20 10:38:33 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Opera[2010/04/02 09:44:50 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\PeerNetworking[2012/08/05 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Samsung[2008/08/27 11:17:10 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Template[2010/04/20 17:27:42 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Tific[2011/05/05 09:29:19 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\ToddCD[2012/09/27 08:14:45 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\TuneUp Software[2012/03/24 10:19:46 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\TwonkyMedia[2008/05/03 12:38:51 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\WildTangent========== Purity Check ==========< End of report >OTL Extras logfile created on: 10/4/2012 12:53:29 PM - Run 1OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Collin\DownloadsWindows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy2.94 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.32% Memory free6.08 Gb Paging File | 5.04 Gb Available in Paging File | 82.85% 
Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 137.28 Gb Total Space | 17.93 Gb Free Space | 13.06% Space Free | Partition Type: NTFSDrive D: | 11.77 Gb Total Space | 1.99 Gb Free Space | 16.93% Space Free | Partition Type: NTFSComputer Name: COLIN | User Name: Collin | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation).html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Unable to open value keyhlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Unable to open value keyscrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Unable to open value keyUnknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe 
Maurice Naggar Posted October 5, 2012

Hello Collin,

Older versions of Adobe Reader pose a potential security risk.
De-install your Adobe Reader: Use Control Panel's Programs and Features, Un-install Adobe Reader.
Get latest Adobe Reader version
http://get.adobe.com/reader/
Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered)

Step 2
Temporarily disable your Norton antivirus, and Norton script blocker (if any)
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

*****************************************************************
:otl
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
:files
C:\Users\Collin\AppData\Roaming\BitTorrent
C:\Users\Collin\AppData\Roaming\OpenCandy
recycler /alldrives
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[emptyjava]
[Reboot]
*****************************************************************

Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button.
Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3
You will want to print out or copy these instructions to Notepad for offline reference!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Close all open browsers at this point.
Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/
Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt. Look at contents of this file using Notepad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq
It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner. (And the prompt re-enabling when finished.)
If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
Do not use the system while the scan is running. Once the full scan is underway, go take a long break.
Re-enable the antivirus program.

Reply with copy of the Eset scan log
and advise me, Is the Snap.do gone?

olsoncol Posted October 8, 2012

The OTL program keeps not responding after initiating running the scan.

Maurice Naggar Posted October 8, 2012

Make sure all of your antivirus is OFF and try just one more time.
Sometimes OTL may show not responding, but ignore that, it will eventually finish up.
Have plenty of patience. I'd allow 15 minutes or so.
IF and only if really, truly (really) OTL does not finish, then move on to the other step(s).

olsoncol Posted October 8, 2012

OTL has locked up on me 5 times now. It says it is not responding. So I continued onto the next step and did the scan through IE. After its completion, Chrome still has the Snap.do search tab opened up. Here is the log.txt

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ebf9de406708464c82d84476530e155b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-08 09:12:58
# local_time=2012-10-08 02:12:58 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 68266 186322340 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=230555
# found=2
# cleaned=2
# scan_time=15965
C:\Users\Collin\Downloads\cnet2_Setup_Dolphin3D_v1_52_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Collin\Downloads\ilividsetupv1.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

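A triage script for an ESET Online Scanner log.txt like the one posted above, as an added example that is not part of the thread or of ESET's tooling. The sample is constructed from values in that post; the tab-separated detection fields and all function names are assumptions.

```python
"""Triage an ESET Online Scanner log.txt of the kind posted above."""
import re

# Constructed sample: header values and detections copied from the post.
# Assumption: detection fields are tab-separated in the real file.
ZERO_HASH = "0" * 32
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner.ocx - registred OK",
    "# version=7",
    "# end=finished",
    "# remove_checked=true",
    "# archives_checked=false",
    "# unwanted_checked=true",
    "# unsafe_checked=false",
    "# antistealth_checked=true",
    "# scanned=230555",
    "# found=2",
    "# cleaned=2",
    "# scan_time=15965",
    "\t".join([r"C:\Users\Collin\Downloads\cnet2_Setup_Dolphin3D_v1_52_exe.exe",
               "a variant of Win32/InstallCore.D application",
               "(cleaned by deleting - quarantined)", ZERO_HASH, "C"]),
    "\t".join([r"C:\Users\Collin\Downloads\ilividsetupv1.exe",
               "Win32/Toolbar.SearchSuite application",
               "(cleaned by deleting - quarantined)", ZERO_HASH, "C"]),
])

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_eset_log(text):
    """Split a log into header fields, detection records and other lines."""
    header, detections, other = {}, [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        match = HEADER_RE.match(line)
        if match:
            # Keys such as compatibility_mode repeat, so keep a list per key.
            header.setdefault(match.group(1), []).append(match.group(2).strip())
            continue
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) >= 3 and DRIVE_RE.match(fields[0]):
            detections.append({
                "path": fields[0],
                "threat": fields[1],
                "action": fields[2].strip("()"),
            })
        else:
            # Banner lines, or detection lines whose tabs were lost in pasting.
            other.append(line)
    return {"header": header, "detections": detections, "other": other}


def _last(header, key, default):
    values = header.get(key)
    return values[-1] if values else default


def triage(report):
    """Cross-check the header counters against the detection lines."""
    header, dets = report["header"], report["detections"]
    found = int(_last(header, "found", "0"))
    cleaned = int(_last(header, "cleaned", "0"))
    disabled = sorted(k for k, v in header.items()
                      if k.endswith("_checked") and v[-1] == "false")
    uncleaned = [d["path"] for d in dets
                 if not d["action"].lower().startswith("cleaned")]
    downloads_only = bool(dets) and all(
        "\\downloads\\" in d["path"].lower() for d in dets)

    notes = []
    if _last(header, "end", "") != "finished":
        notes.append("scan did not run to completion")
    if found != len(dets):
        notes.append("header says found=%d but %d detection lines parsed"
                     % (found, len(dets)))
    if cleaned < found or uncleaned:
        notes.append("some detections were not cleaned")
    if disabled:
        notes.append("scan options switched off: " + ", ".join(disabled))
    if downloads_only:
        notes.append("every detection is a file under a Downloads folder; "
                     "nothing installed in a browser profile was flagged")
    return {"found": found, "cleaned": cleaned, "disabled_options": disabled,
            "uncleaned": uncleaned, "downloads_only": downloads_only,
            "notes": notes}


if __name__ == "__main__":
    for note in triage(parse_eset_log(SAMPLE_LOG))["notes"]:
        print("-", note)
```

On the posted values it reports archives_checked and unsafe_checked switched off and both detections under Downloads, so found=2, cleaned=2 covers two installer files and says nothing about what is installed in the browser.
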
Maurice Naggar Posted October 9, 2012

Let's have you do the following, in order:
Uninstall Google Chrome.
Logoff and Restart the system fresh.
Download, and save, & then run the Chrome setup program.
After that, do a new run of DDS
When all done, Copy & Paste the new DDS.txt for review
Do a simple test with Chrome. Let me know how that goes, and, How is the system overall?

olsoncol Posted October 14, 2012

Uninstalled, re-installed. Currently does not show up in Chrome browser. This is the second time doing this. The first time, after re-installing, I logged into chrome with my gmail account that was originally linked to my chrome browser and it popped back up with the tab. I feel it might be infected in my email username and password. Any ideas?

Maurice Naggar Posted October 14, 2012 ID:606960

Hello Collin,

You said: "I feel it might be infected in my email username and password. Any ideas?"

I would doubt that gmail service itself is the originator of the issue with the rogue browser window.
More likely, it was something like a utility or app you may have downloaded & installed, OR a silent drive-by download from visiting an infected website page.

We can wrap this up now. I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix), put that name in the RUN box stated just below.
The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

Highlight the line in this CODEBOX.
Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)

C:\Users\Collin\Desktop\ComboFix.exe /uninstall

Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
Then tap Enter.
If the Combofix uninstall has an issue, skip that step.

NEXT
Download OTC to your desktop and run it.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:
RogueKiller.exe
adwCleaner.exe
SecurityCheck.exe
FSS.exe

You may use Control Panel >> Add-or-Remove programs & Uninstall ESET Online scanner.

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.
Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
Check in at Windows Update and install any Critical Updates offered.
Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows: http://support.microsoft.com/kb/306525
Check on other update issues as well, visit Secunia Online Software Inspector (OSI).
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector.
Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.

Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp or Paragon Backup & Recovery http://www.paragon-s...e/download.html

Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on

On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan

See Six tips to help you stay safer online.
Never, ever download free games, free tools, videos, multi-media files or anything free unless you can be absolutely sure the source is safe!

We are finished here. Best regards.
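How a blocking hosts file of the kind recommended in the post above works, and how to audit one, as an added example that is not part of the original post: a name mapped to a loopback or unspecified address is blocked, while a name mapped to any other address is a redirect worth investigating after a browser hijack. The sample entries and the function name audit_hosts are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net tracker.example.net   # two names, one line
127.0.0.1       spyware.example.org
203.0.113.7     www.search.example.com                # unexpected redirect
not-an-ip       broken.example.com
"""


def audit_hosts(text):
    """Classify each hostname in hosts-file text as blocked, redirected or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((lineno, line))
            continue
        if not names:                            # address with no hostname
            report["malformed"].append((lineno, line))
            continue
        for name in names:
            if name == "localhost":              # standard entry, not a block
                continue
            if ip.is_loopback or ip.is_unspecified:
                report["blocked"].append(name)   # sinkholed: never leaves the machine
            else:
                report["redirected"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("blocked", "redirected", "malformed"):
        print(kind, result[kind])
```

To audit a real machine, pass the contents of the system hosts file (on Windows, C:\Windows\System32\drivers\etc\hosts) to audit_hosts instead of the sample.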
olsoncol Posted October 16, 2012 ID:607661

Everything has worked so far. Thank you so much for the help. Huge stress relief has been lifted.
Maurice Naggar Posted October 16, 2012 ID:607683

You are very welcome. Cheers.