olsoncol

snap.do


Hey,

I have recently been infected with this Snap.do search on my browsers (Chrome and IE). I have researched and decided to uninstall. I then "removed" from Chrome search options. But unfortunately it still exists on both browsers. I then came across your forum. I have downloaded the free software and done a scan. It still exists. I then downloaded as asked the dds.com file and ran it without internet. So here I am.

Please help.

Colin


Hello olsoncol and welcome to MalwareBytes forums.

Please do NOT attach logs/reports from this point forward. Always copy/paste directly into main-body of reply box. :excl:

As there are very recent security concerns regarding the Java runtime, I would advise you to uninstall Java from your system using Control Panel >> Programs and Features:

Uninstall Java Auto Updater

Java 6 Update 31

Java 7 Update 5

JavaFX 2.1.1

FYI: As reported on Networkworld, on Tuesday this week (and elsewhere)

Today on Full Disclosure mailing list, the Polish security firm Security Explorations announced another new critical Java flaw. This one is worse than the last Java zero-day since it affects all operating systems (Windows, Linux, Solaris, MacOS) that use Java 5, 6 or 7. The Java plugin can be exploited in Chrome, Firefox, IE, Safari and Opera browsers. One billion users are at risk, the security researchers warned.

https://www.networkworld.com/community/blog/time-disable-java-again-1-billion-risk-newest-critical-java-bug

Step 2

Uninstall BitTorrent & any other torrent utility or filesharing app

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Confirm for me that they have been removed. :excl:

Step 3

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Administrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Step 6

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Edited by Maurice Naggar


How is it going? Do you still need help? Do let me know.

I close my topics if there's been 4 days without a response.


In the process of doing things. Here is the first report. More to follow.

RogueKiller V8.1.0 [09/28/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Collin [Admin rights]

Mode : Scan -- Date : 10/01/2012 09:21:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] Norton Internet Security - Run Full System Scan - Collin : c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca" -> FOUND

[TASK][sUSP PATH] {1A280D28-4BEC-464B-9E93-A92EE80FF733} : C:\Windows\System32\pcalua.exe -a C:\Users\Collin\Desktop\ICT\Adam\SETUP.EXE -d C:\Users\Collin\Desktop\ICT\Adam -> FOUND

[TASK][sUSP PATH] {9564FA9F-3211-4AC9-9248-123F8B5375D6} : C:\Windows\System32\pcalua.exe -a C:\Users\Collin\Desktop\yahoo_firefox_setup-3.0.exe -d C:\Users\Collin\Desktop -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:51210) -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x822D65C3 -> HOOKED (Unknown @ 0x8782D078)

SSDT[14] : NtAlertThread @ 0x8224F255 -> HOOKED (Unknown @ 0x8782D158)

SSDT[18] : NtAllocateVirtualMemory @ 0x8228B4FB -> HOOKED (Unknown @ 0x8801DCA0)

SSDT[21] : NtAlpcConnectPort @ 0x8222D887 -> HOOKED (Unknown @ 0x87E221A8)

SSDT[42] : NtAssignProcessToJobObject @ 0x82200B43 -> HOOKED (Unknown @ 0x885AED60)

SSDT[67] : NtCreateMutant @ 0x82263812 -> HOOKED (Unknown @ 0x87EF5D78)

SSDT[77] : NtCreateSymbolicLinkObject @ 0x8220335A -> HOOKED (Unknown @ 0x885AEA80)

SSDT[78] : NtCreateThread @ 0x822D4BE0 -> HOOKED (Unknown @ 0x88588EF0)

SSDT[116] : NtDebugActiveProcess @ 0x822A7D22 -> HOOKED (Unknown @ 0x885AEE40)

SSDT[129] : NtDuplicateObject @ 0x8223B551 -> HOOKED (Unknown @ 0x8801DE70)

SSDT[147] : NtFreeVirtualMemory @ 0x820C7F1D -> HOOKED (Unknown @ 0x88612E70)

SSDT[156] : NtImpersonateAnonymousToken @ 0x821FDF12 -> HOOKED (Unknown @ 0x87EF5E68)

SSDT[158] : NtImpersonateThread @ 0x8221354F -> HOOKED (Unknown @ 0x87EF5F48)

SSDT[165] : NtLoadDriver @ 0x821AEDEE -> HOOKED (Unknown @ 0x87E22130)

SSDT[177] : NtMapViewOfSection @ 0x8225389A -> HOOKED (Unknown @ 0x88612D70)

SSDT[184] : NtOpenEvent @ 0x8223CDCF -> HOOKED (Unknown @ 0x87EF5C98)

SSDT[195] : NtOpenProcessToken @ 0x82244A2E -> HOOKED (Unknown @ 0x8801DD90)

SSDT[197] : NtOpenSection @ 0x8225466D -> HOOKED (Unknown @ 0x87EF5AD8)

SSDT[201] : NtOpenThread @ 0x8225F4FF -> HOOKED (Unknown @ 0x8801DF60)

SSDT[210] : NtProtectVirtualMemory @ 0x8225D2E2 -> HOOKED (Unknown @ 0x885AEC70)

SSDT[282] : NtResumeThread @ 0x8225EB4A -> HOOKED (Unknown @ 0x8782D238)

SSDT[289] : NtSetContextThread @ 0x822D606F -> HOOKED (Unknown @ 0x8782D4D8)

SSDT[305] : NtSetInformationProcess @ 0x822578C8 -> HOOKED (Unknown @ 0x88612BA0)

SSDT[317] : NtSetSystemInformation @ 0x82229EEB -> HOOKED (Unknown @ 0x87EF5990)

SSDT[348] : NtUnmapViewOfSection @ 0x82253B5D -> HOOKED (Unknown @ 0x88612C90)

SSDT[382] : NtCreateThreadEx @ 0x8225EFE9 -> HOOKED (Unknown @ 0x885AEB70)

S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x88720470)

S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x88724630)

S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x8873A448)

S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x8879CDB0)

S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x8879CCE0)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x887D1E50)

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS ATA Device +++++

--- User ---

[MBR] 2891c0ca6a498f154dcd482626aaddf1

[bSP] a31f3e460ba6638c43a7da304906475e : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 140576 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 287900865 | Size: 12048 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


# AdwCleaner v2.003 - Logfile created 10/01/2012 at 09:24:33

# Updated 23/09/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Collin - COLIN

# Boot Mode : Normal

# Running from : C:\Users\Collin\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Windows\system32\conduitEngine.tmp

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\Common Files\AVG Secure Search

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Collin\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Collin\AppData\Local\Conduit

Folder Found : C:\Users\Collin\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Collin\AppData\LocalLow\Conduit

Folder Found : C:\Users\Collin\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Collin\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QueryExplorer

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Zugo

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\Software\Tarma Installer

Key Found : HKLM\Software\Viewpoint

Key Found : HKU\S-1-5-21-3750453361-2573893903-1094557867-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-3750453361-2573893903-1094557867-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.20] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com/", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=hp" ]

Found [l.1960] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com/", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=hp" ]

*************************

AdwCleaner[R1].txt - [7598 octets] - [01/10/2012 09:24:33]

########## EOF - C:\AdwCleaner[R1].txt - [7658 octets] ##########
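An added example (not part of the thread, and not code from RogueKiller, AdwCleaner or ComboFix) that turns two of the findings above into a repeatable check: the Chrome Preferences entry pointing at feed.snap.do that AdwCleaner reported, and the loopback ProxyServer value (127.0.0.1:51210) that RogueKiller reported under [PROXY IE]. The allowlist, function names and the sample Preferences JSON are constructed for the example and only mirror the values in the logs.

```python
"""Audit Chrome's Preferences file and an IE ProxyServer value for hijack signs.

Both checks are defensive: they report where a browser has been pointed at an
unexpected host, or where browser traffic is being routed through a local
proxy process. Nothing here modifies the system.
"""
import json
from urllib.parse import urlsplit

# Hosts the user legitimately expects as start page / search engine (assumed).
ALLOWED_HOSTS = {"www.yahoo.com", "www.google.com", "www.bing.com"}

# Preference paths Chrome uses (or used, for the 2012-era build in the log)
# for startup pages, home page and the default search engine.
URL_PREF_PATHS = (
    "session.urls_to_restore_on_startup",   # Chrome 22-era key, as in the log
    "session.startup_urls",                 # newer key for the same setting
    "homepage",
    "default_search_provider.search_url",
)


def _lookup(tree, dotted):
    """Return the value at a dotted path in nested dicts, or None if absent."""
    node = tree
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def host_of(url):
    """Extract the lowercase host from a URL; defanged 'hxxp' is accepted."""
    url = url.replace("hxxps://", "https://").replace("hxxp://", "http://")
    return (urlsplit(url).hostname or "").lower()


def audit_chrome_preferences(prefs_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (pref_path, url, host) for every URL whose host is not allowed."""
    prefs = json.loads(prefs_text)
    findings = []
    for path in URL_PREF_PATHS:
        value = _lookup(prefs, path)
        if value is None:
            continue
        urls = value if isinstance(value, list) else [value]
        for url in urls:
            host = host_of(str(url))
            if host and host not in allowed_hosts:
                findings.append((path, url, host))
    return findings


def audit_proxy_server(proxy_value):
    """Parse an Internet Settings ProxyServer value ('http=127.0.0.1:51210',
    'host:port', or several ';'-separated entries) and return the
    (scheme, host, port) tuples that point at the local machine. A loopback
    proxy the user never configured means a local process sits between the
    browser and the network."""
    loopback = []
    for item in proxy_value.split(";"):
        item = item.strip()
        if not item:
            continue
        scheme, _, endpoint = item.rpartition("=")      # scheme is '' if absent
        host, _, port = endpoint.rpartition(":")
        host = host.strip("[]").lower()                  # tolerate [::1]:port
        if host in ("127.0.0.1", "localhost", "::1") or host.startswith("127."):
            loopback.append((scheme or "*", host, int(port) if port.isdigit() else None))
    return loopback


# Constructed sample input, shaped like the Preferences finding in the log.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.yahoo.com/",
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "http://www.yahoo.com/",
            "http://feed.snap.do/?publisher=SnapdoOpenCandy&searchtype=hp",
        ],
    },
    "default_search_provider": {
        "search_url": "http://feed.snap.do/?searchtype=ds&q={searchTerms}"
    },
})

# Constructed sample, same shape as the ProxyServer value in the logs above.
SAMPLE_PROXY = "http=127.0.0.1:51210"

if __name__ == "__main__":
    for path, url, host in audit_chrome_preferences(SAMPLE_PREFERENCES):
        print(f"chrome: {path} -> {host}  ({url})")
    for scheme, host, port in audit_proxy_server(SAMPLE_PROXY):
        print(f"proxy: {scheme} traffic routed through {host}:{port}")
```

On a live machine the Preferences file is the path AdwCleaner printed above, and the ProxyServer value is read from the HKCU Internet Settings key the RogueKiller line names.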


These steps are for olsoncol only. If you are a casual viewer, do NOT try this on your system!

If you are not olsoncol and have a similar problem, do NOT post here; start your own topic.

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for offline reference!

If you have a prior copy of Combofix, delete it now !

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power or UPS system)

1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

2. Open notepad and copy/paste the text in the quotebox below into it:


KILLALL::

DDS::
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=ds&q={searchTerms}
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=ds&q={searchTerms}
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=hp&exp=true
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=1d81189f-0100-4239-8926-ef6b0d69bd12&searchtype=ds&q={searchTerms}

File::
C:\Windows\system32\conduitEngine.tmp

Folder::
C:\Users\Collin\AppData\Local\Conduit
C:\Users\Collin\AppData\LocalLow\Conduit
C:\Users\Collin\AppData\LocalLow\PriceGong
C:\Users\Collin\AppData\Roaming\OpenCandy

Save this as CFScript.txt, in the same location as ComboFix.exe

Close Notepad.

3. Close any (all) open browsers.

4:

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

Look for some initial prompts: Accept the EULA and allow to Run

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan & how much it needs to clean.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer; this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh!

Reply & Copy/Paste the C:\Combofix.txt log and tell me, How is the system now :excl:

RE-Enable your AntiVirus and AntiSpyware applications.


Still have snap.do on both browsers.

ComboFix 12-09-30.03 - Collin 10/01/2012 18:17:06.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1739 [GMT -7:00]

Running from: c:\users\Collin\Desktop\ComboFix.exe

Command switches used :: c:\users\Collin\Desktop\CFScript.txt

AV: Norton Business Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Business Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\conduitEngine.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\system32\conduitEngine.tmp

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\FlashPlayerInstaller.exe

c:\windows\system32\KBL.LOG

c:\windows\system32\muzapp.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 )))))))))))))))))))))))))))))))

.

.

2012-10-02 01:35 . 2012-10-02 01:41 -------- d-----w- c:\users\Collin\AppData\Local\temp

2012-10-02 01:35 . 2012-10-02 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-02 00:51 . 2012-10-02 00:51 -------- d-----w- c:\users\Collin\AppData\Local\Avg2013

2012-10-01 16:12 . 2012-10-01 16:12 -------- d-----w- c:\program files\ERUNT

2012-09-27 19:57 . 2012-09-27 19:57 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-09-27 15:14 . 2012-09-27 15:14 -------- d-----w- c:\users\Collin\AppData\Roaming\TuneUp Software

2012-09-27 15:01 . 2012-10-02 00:53 -------- d-----w- c:\programdata\MFAData

2012-09-27 15:01 . 2012-09-27 15:01 -------- d--h--w- c:\programdata\Common Files

2012-09-27 15:01 . 2012-09-27 15:01 -------- d-----w- c:\users\Collin\AppData\Local\MFAData

2012-09-27 14:49 . 2012-09-27 14:49 -------- d-----w- c:\users\Collin\AppData\Roaming\Simply Super Software

2012-09-27 14:49 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2012-09-27 14:49 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2012-09-27 14:49 . 2012-09-27 14:49 -------- d-----w- c:\program files\Trojan Remover

2012-09-27 14:49 . 2012-09-27 14:49 -------- d-----w- c:\programdata\Simply Super Software

2012-09-27 03:23 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-27 03:17 . 2012-09-27 03:17 -------- d-----w- c:\program files\iPod

2012-09-27 03:16 . 2012-09-27 03:23 -------- d-----w- c:\program files\iTunes

2012-09-27 03:12 . 2012-09-27 03:12 -------- d-----w- c:\program files\Apple Software Update

2012-09-26 16:30 . 2012-09-26 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(362)

2012-09-25 17:31 . 2012-09-25 17:32 -------- d-----w- c:\program files\doubleTwist 2.0

2012-09-25 17:04 . 2012-09-25 17:04 -------- d-----w- c:\users\Collin\AppData\Local\AirParrot

2012-09-25 16:56 . 2012-10-01 16:05 -------- d-----w- c:\users\Collin\AppData\Roaming\BitTorrent

2012-09-23 00:38 . 2012-09-26 20:45 -------- d-----w- c:\program files\MediaMall

2012-09-23 00:36 . 2012-09-26 20:45 -------- d-----w- c:\programdata\MediaMall

2012-09-19 20:45 . 2012-09-27 03:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-18 18:52 . 2012-09-18 18:52 -------- d-----w- c:\users\Default\AppData\Local\Google

2012-09-05 16:48 . 2012-09-05 16:49 -------- d-s---w- c:\users\Collin\Google Drive

2012-09-04 23:02 . 2011-03-02 11:43 175616 ----a-w- c:\windows\system32\unrar.dll

2012-09-04 23:02 . 2012-09-04 23:03 -------- d-----w- c:\program files\K-Lite Codec Pack

2012-09-04 22:58 . 2012-09-04 22:58 -------- d-----w- C:\Upload

2012-09-04 22:53 . 2012-09-10 14:30 -------- d-----w- C:\AllShare Play

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-27 02:37 . 2012-04-03 14:53 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-27 02:37 . 2011-11-16 21:19 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-24 06:51 . 2012-09-27 10:02 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:47 . 2012-09-27 10:02 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-21 20:01 . 2010-11-02 22:38 106928 ----a-w- c:\windows\system32\GEARAspi.dll

2012-07-09 20:42 . 2012-07-09 20:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-07-09 20:42 . 2012-07-09 20:42 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-07-06 05:06 . 2012-08-16 14:57 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-06 05:06 . 2011-12-26 17:58 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-04 14:02 . 2012-08-16 10:20 2047488 ----a-w- c:\windows\system32\win32k.sys

2007-11-09 23:10 . 2007-11-09 23:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-11-09 23:10 . 2007-11-09 23:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-11-09 23:10 . 2007-11-09 23:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-11-09 23:10 . 2007-11-09 23:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-11-09 23:10 . 2007-11-09 23:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-11-09 23:10 . 2007-11-09 23:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-11-09 23:10 . 2007-11-09 23:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-11-09 23:11 . 2007-11-09 23:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-11-09 23:11 . 2007-11-09 23:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2007-08-25 02:52 . 2008-04-18 03:18 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-09-14 1247504]

"bdinstaller"="c:\program files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" [2012-07-25 676128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Collin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

2008-04-24 20:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]

2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

2007-09-19 21:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:37]

.

2012-10-01 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-09 00:42]

.

2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 06:30]

.

2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 06:30]

.

2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000Core.job

- c:\users\Collin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 01:15]

.

2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000UA.job

- c:\users\Collin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 01:15]

.

2012-09-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Collin.job

- c:\program files\Norton Business Suite\Engine\5.2.2.3\navw32.exe [2012-07-16 00:01]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:51210

TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

MSConfigStartUp-BitTorrent DNA - c:\users\Collin\Program Files\DNA\btdna.exe

MSConfigStartUp-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

AddRemove-Navizon - c:\windows\system32\javaws.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-01 18:41

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Business Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4496)

c:\windows\System32\netshell.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\dlbccoms.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\windows\system32\DllHost.exe

c:\windows\System32\rundll32.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\windows\ehome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-10-01 18:50:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-02 01:50

.

Pre-Run: 19,373,211,648 bytes free

Post-Run: 24,390,918,144 bytes free

.

- - End Of File - - 7BF099995E28628099E50B65F74E90CA


For Internet Explorer:

Using IE (only!), go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Also, in IE, Internet Options

a) Delete all temporary internet files

b) Delete all cookies

c)

Using Internet Explorer browser, run the Microsoft Fix-It on the following MS page

http://support.microsoft.com/mats/ie_performance_and_safety

For Chrome browser:

Press & hold SHIFT+CTRL+Del keys to get the menu for clearing browsing data:

Check Empty the cache

Delete cookies and other site and plug-in data

and press Clear browsing data button

Still in Chrome, press ALT+F then Settings

Click Extensions on the left.

Closely review the browser extensions that are listed. Disable any that you are not familiar with or that you do not trust.

NEXT

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

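A read-only audit script, added here as an illustration and not part of the helper's instructions or of any Malwarebytes tool: it prints the settings a search hijacker such as snap.do usually changes on Windows, so after the IE and Chrome cleanup above you can see what is still pointing the browsers somewhere else. The ComboFix log earlier in the thread records a per-user ProxyServer of http=127.0.0.1:51210; the script shows which process is listening on such a port. Assumptions (not from the thread): PowerShell 3.0 or later (ConvertFrom-Json, Get-ChildItem -Directory), Chrome's "Default" profile under %LOCALAPPDATA%, and the Preferences key names given in the comments, which differ between Chrome versions; Show-Section is a helper defined here.

```powershell
# Added example, not part of the forum thread. Read-only audit of the places a
# browser search hijacker usually leaves itself on Windows. Nothing is changed.
# Assumptions: PowerShell 3.0+, Chrome's "Default" profile under %LOCALAPPDATA%,
# and the Preferences key names in the comments (they vary by Chrome version).
$ErrorActionPreference = 'SilentlyContinue'

function Show-Section($title) { ''; "=== $title ===" }

# --- 1. WinINet proxy (used by IE, and by Chrome, which follows the system proxy)
# A ProxyServer of 127.0.0.1:<port> means a local process sits between the
# browser and the network; the ComboFix log in this thread shows http=127.0.0.1:51210.
Show-Section 'Per-user proxy (HKCU Internet Settings)'
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable   : $($inet.ProxyEnable)"
"ProxyServer   : $($inet.ProxyServer)"
"ProxyOverride : $($inet.ProxyOverride)"
if ($inet.ProxyServer -match '127\.0\.0\.1:(\d+)') {
    $port = $Matches[1]
    # netstat -ano prints the owning PID in the last column; map it to an image path.
    netstat -ano -p tcp | Where-Object { $_ -match 'LISTENING' -and $_ -match ":$port\s" } | ForEach-Object {
        $ownerPid = ($_ -split '\s+')[-1]      # $pid itself is a read-only automatic variable
        $proc = Get-Process -Id $ownerPid
        "  127.0.0.1:$port is listened on by PID $ownerPid -> $($proc.Path)"
    }
}

# --- 2. Internet Explorer start/search pages and Browser Helper Objects
Show-Section 'Internet Explorer'
$ieMain = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main'
"Start Page    : $($ieMain.'Start Page')"
"Search Page   : $($ieMain.'Search Page')"
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
Get-ChildItem $bhoKey | ForEach-Object {
    $clsid = $_.PSChildName
    # The DLL behind a BHO is the default value of its InprocServer32 key.
    $dll = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32").'(default)'
    "BHO $clsid -> $dll"
}

# --- 3. Chrome: homepage, startup pages, default search provider
Show-Section 'Chrome preferences'
$chromeProfile = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$prefFile = Join-Path $chromeProfile 'Preferences'
if (Test-Path $prefFile) {
    $prefs = Get-Content $prefFile -Raw | ConvertFrom-Json
    "Homepage      : $($prefs.homepage)"
    # 'session.startup_urls' on current builds; older builds used 'session.urls_to_restore_on_startup'.
    $startup = @($prefs.session.startup_urls) + @($prefs.session.urls_to_restore_on_startup) | Where-Object { $_ }
    "Startup URLs  : $($startup -join ', ')"
    # Older builds keep the provider in 'default_search_provider'; newer ones in
    # 'default_search_provider_data.template_url_data' (often in Secure Preferences instead).
    $dsp = $prefs.default_search_provider
    if ($dsp) { "Search        : $($dsp.name) $($dsp.search_url)" }
    $tud = $prefs.default_search_provider_data.template_url_data
    if ($tud) { "Search        : $($tud.short_name) $($tud.url)" }
}

# --- 4. Chrome extensions: id, version, name, permissions and settings overrides
Show-Section 'Chrome extensions'
$extRoot = Join-Path $chromeProfile 'Extensions'
Get-ChildItem $extRoot -Directory | ForEach-Object {
    $id = $_.Name
    Get-ChildItem $_.FullName -Directory | ForEach-Object {
        $manifest = Join-Path $_.FullName 'manifest.json'
        if (-not (Test-Path $manifest)) { return }
        $m = Get-Content $manifest -Raw | ConvertFrom-Json
        $name = $m.name
        if ($name -like '__MSG_*') {
            # Localised name: resolve __MSG_key__ via _locales\<default_locale>\messages.json.
            $key = $name -replace '^__MSG_(.+)__$', '$1'
            $msgFile = Join-Path $_.FullName "_locales\$($m.default_locale)\messages.json"
            if (Test-Path $msgFile) { $name = (Get-Content $msgFile -Raw | ConvertFrom-Json).$key.message }
        }
        '{0} {1,-10} {2}' -f $id, $m.version, $name
        "    permissions: $($m.permissions -join ', ')"
        # chrome_settings_overrides is the documented way for an extension to set
        # the search provider / homepage / startup pages; review any extension that has it.
        if ($m.chrome_settings_overrides) {
            "    settings overrides: $($m.chrome_settings_overrides | ConvertTo-Json -Compress)"
        }
    }
}
```

Run it from a normal PowerShell prompt as the affected user (the proxy and IE values are per-user); the BHO list needs no elevation because it only reads HKLM. Anything it prints that you do not recognise is what to remove next: an unknown extension ID, a search URL or startup page you did not set, or a listener on the proxy port owned by a program you did not install.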

Chrome still has the snap.do tab opening. IE does not anymore.

info.txt logfile of random's system information tool 1.09 2012-10-04 07:24:18

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801

-->MsiExec /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}

7-Zip 9.20-->"C:\Program Files\7-Zip\Uninstall.exe"

Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}

Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe -maintain plugin

Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}

Amazon MP3 Downloader 1.0.17-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe

AppInventor Setup-->C:\Program Files\AppInventor\commands-for-Appinventor\uninstall.exe

Apple Application Support-->MsiExec.exe /I{63EC2120-1742-4625-AA47-C6A8AEC9C64C}

Apple Mobile Device Support-->MsiExec.exe /I{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

ArcSoft MediaConverter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B15D991-5619-4BC1-B71E-3DE793B792FC}\setup.exe" -l0x9

Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly

Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini

Canon MP240 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series /L0x0009

Canon MP240 series User Registration-->C:\Program Files\Canon\IJEREG\MP240 series\UNINST.EXE

Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini

Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini

Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Cisco Connect-->"C:\Program Files\Cisco Systems\Cisco Connect\Cisco Connect.exe" -uninstall

Citrix Presentation Server Client-->MsiExec.exe /I{42ACCB45-3363-47E0-94E9-F0074CC8BC56}

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF

CPC Lite Plugin-->C:\Windows\UnCpcVw.exe CPC View Plugin

Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}

DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

Google Drive-->MsiExec.exe /X{EACCC042-848D-4166-9D97-B13D1D108722}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG

HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf

Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {99A120B0-F930-3427-A833-FAD753B85527} /parameterfolder Client

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly

HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}

HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly

HP Games-->"C:\Program Files\HP Games\Uninstall.exe"

HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}

HP Integrated Module with Bluetooth wireless technology 6.0.1.5500-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}

HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst

HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall

HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}

HP Smart Web Printing-->msiexec /i{A9DC9256-709F-4BEA-B39D-4F11D90585AA}

HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}

HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}

HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}

HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}

HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}

Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R

iRemote-->MsiExec.exe /I{91660892-8B9D-4C01-8ED8-6567447937EC}

iTunes-->MsiExec.exe /I{0F6F6876-6334-4977-B5DD-CFC12E193420}

K-Lite Codec Pack 8.4.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall

LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"

LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL

Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

MotoHelper 2.0.40 Driver 4.8.0-->C:\Program Files\Motorola\MotoHelper\uninstall.exe

MotoHelper MergeModules-->MsiExec.exe /I{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}

Motorola Mobile Drivers Installation 5.4.0-->MsiExec.exe /X{6C12B6BF-3891-497B-B5CA-3D64DA093947}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp

Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}

NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly

Norton Business Suite-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\704bfc66\5.2.2.3\InstStub.exe /X /ARP

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

NVIDIA PhysX v8.10.29-->MsiExec.exe /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything

RSDLite-->MsiExec.exe /I{2DAFF979-5A46-44FA-B431-DAB8F0580683}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {2623A96B-78E5-42CC-AB55-6A3969B32E36}

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2623A96B-78E5-42CC-AB55-6A3969B32E36}

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE}

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE}

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F}

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F}

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {EF5B5C7F-20CB-4A3A-AC3D-F5DE2C2BFDC7}

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EF5B5C7F-20CB-4A3A-AC3D-F5DE2C2BFDC7}

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640}

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640}

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BCF7F6B-4AC0-4915-83B2-5CFF6BE9BF77}

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7BCF7F6B-4AC0-4915-83B2-5CFF6BE9BF77}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270}

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270}

Skifta-->"C:\Program Files\Skifta\Uninstall Skifta.exe"

swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Trojan Remover 6.8.5-->"C:\Program Files\Trojan Remover\unins000.exe"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}

Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F}

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8B689F89-5E1C-4DA9-B2B1-7B3843275596}

Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BBE715CA-02FD-4C5A-90BB-440A967DF05E}

Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}

VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}

WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Colin

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Staged(Staged) state

Record Number: 192088

Source Name: Microsoft-Windows-Servicing

Time Written: 20111212235555.000000-000

Event Type: Warning

User: COLIN\Collin

Computer Name: Colin

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Staged(Staged) state

Record Number: 192087

Source Name: Microsoft-Windows-Servicing

Time Written: 20111212235555.000000-000

Event Type: Warning

User: COLIN\Collin

Computer Name: Colin

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Install Requested(Install Requested) state

Record Number: 192041

Source Name: Microsoft-Windows-Servicing

Time Written: 20111212235555.000000-000

Event Type: Warning

User: COLIN\Collin

Computer Name: Colin

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Install Requested(Install Requested) state

Record Number: 192039

Source Name: Microsoft-Windows-Servicing

Time Written: 20111212235555.000000-000

Event Type: Warning

User: COLIN\Collin

Computer Name: Colin

Event Code: 4376

Message: Servicing has required reboot to complete the operation of setting package KB2117917(Update) into Install Requested(Install Requested) state

Record Number: 192035

Source Name: Microsoft-Windows-Servicing

Time Written: 20111212235555.000000-000

Event Type: Warning

User: COLIN\Collin

=====Application event log=====

Computer Name: Colin

Event Code: 510

Message: Windows (2932) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 105611264 (0x00000000064b8000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (10490 seconds) to be serviced by the OS. In addition, 2 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 11544 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Record Number: 39999

Source Name: ESENT

Time Written: 20111116003840.000000-000

Event Type: Warning

User:

Computer Name: Colin

Event Code: 508

Message: Windows (2932) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log" at offset 69120 (0x0000000000010e00) for 33280 (0x00008200) bytes succeeded, but took an abnormally long time (5255 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Record Number: 39998

Source Name: ESENT

Time Written: 20111115212616.000000-000

Event Type: Warning

User:

Computer Name: Colin

Event Code: 507

Message: Windows (2932) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 62472192 (0x0000000003b94000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (5255 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Record Number: 39997

Source Name: ESENT

Time Written: 20111115212615.000000-000

Event Type: Warning

User:

Computer Name: Colin

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 39983

Source Name: Microsoft-Windows-WMI

Time Written: 20111115183835.000000-000

Event Type: Error

User:

Computer Name: Colin

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 39917

Source Name: Microsoft-Windows-WMI

Time Written: 20111114005541.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Colin

Event Code: 4905

Message: An attempt was made to unregister a security event source.

Subject

Security ID: S-1-5-18

Account Name: COLIN$

Account Domain: FRANZ

Logon ID: 0x3e7

Process:

Process ID: 0x14dc

Process Name: C:\Windows\System32\VSSVC.exe

Event Source:

Source Name: VSSAudit

Event Source ID: 0x3df9fd8

Record Number: 13317

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100128212159.282100-000

Event Type: Audit Success

User:

Computer Name: Colin

Event Code: 4904

Message: An attempt was made to register a security event source.

Subject :

Security ID: S-1-5-18

Account Name: COLIN$

Account Domain: FRANZ

Logon ID: 0x3e7

Process:

Process ID: 0x14dc

Process Name: C:\Windows\System32\VSSVC.exe

Event Source:

Source Name: VSSAudit

Event Source ID: 0x3df9fd8

Record Number: 13316

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100128212159.282100-000

Event Type: Audit Success

User:

Computer Name: Colin

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 13315

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100128212035.244900-000

Event Type: Audit Success

User:

Computer Name: Colin

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: COLIN$

Account Domain: FRANZ

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x2a0

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 13314

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100128212035.244900-000

Event Type: Audit Success

User:

Computer Name: Colin

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: COLIN$

Account Domain: FRANZ

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x2a0

Process Name: C:\Windows\System32\services.exe

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 13313

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100128212035.244900-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\CyberLink\Power2Go;

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=6802

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"PLATFORM"=MCD

"PCBRAND"=Pavilion

"OnlineServices"=Online Services

"USERPART"=E:

"asl.log"=Destination=file;OnFirstLog=command,environment,parent

-----------------EOF-----------------

Logfile of random's system information tool 1.09 (written by random/random)

Run by Collin at 2012-10-04 07:23:48

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 19 GB (14%) free of 141 GB

Total RAM: 3006 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:24:12 AM, on 10/4/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Users\Collin\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Users\Collin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Collin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Collin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Collin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Collin\Downloads\RSIT.exe

C:\Program Files\trend micro\Collin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51210

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coIEPlg.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab

O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} (20-20 3D Viewer for WEB) - http://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: Norton Business Suite (N360) - Symantec Corporation - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8816 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000UA.job

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Collin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Symantec NCO BHO - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coIEPlg.dll [2012-06-07 436192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL [2011-03-30 210872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coIEPlg.dll [2012-06-07 436192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]

"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]

"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-09-09 421776]

"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2012-09-14 1247504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-09-05 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Collin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"msacm.l3codecp"=l3codecp.acm

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-10-04 07:23:50 ----D---- C:\Program Files\trend micro

2012-10-04 07:23:48 ----D---- C:\rsit

2012-10-02 17:02:22 ----D---- C:\f23efcd6d6e508a4ea3fce

2012-10-01 19:34:47 ----D---- C:\N360_BACKUP

2012-10-01 18:50:57 ----D---- C:\Windows\temp

2012-10-01 18:50:53 ----A---- C:\ComboFix.txt

2012-10-01 18:39:52 ----D---- C:\$RECYCLE.BIN

2012-10-01 18:10:57 ----A---- C:\Windows\zip.exe

2012-10-01 18:10:57 ----A---- C:\Windows\SWSC.exe

2012-10-01 18:10:57 ----A---- C:\Windows\SWREG.exe

2012-10-01 18:10:57 ----A---- C:\Windows\sed.exe

2012-10-01 18:10:57 ----A---- C:\Windows\PEV.exe

2012-10-01 18:10:57 ----A---- C:\Windows\NIRCMD.exe

2012-10-01 18:10:57 ----A---- C:\Windows\MBR.exe

2012-10-01 18:10:57 ----A---- C:\Windows\grep.exe

2012-10-01 17:57:58 ----D---- C:\Qoobox

2012-10-01 09:24:33 ----A---- C:\AdwCleaner[R1].txt

2012-10-01 09:13:16 ----D---- C:\Windows\ERDNT

2012-10-01 09:12:20 ----D---- C:\Program Files\ERUNT

2012-09-27 12:57:48 ----D---- C:\Program Files\Common Files\Bitdefender

2012-09-27 08:14:45 ----D---- C:\Users\Collin\AppData\Roaming\TuneUp Software

2012-09-27 08:01:35 ----HD---- C:\ProgramData\Common Files

2012-09-27 08:01:35 ----D---- C:\ProgramData\MFAData

2012-09-27 07:55:22 ----D---- C:\ProgramData\TEMP

2012-09-27 07:49:18 ----D---- C:\Users\Collin\AppData\Roaming\Simply Super Software

2012-09-27 07:49:06 ----A---- C:\Windows\system32\ztvunrar39.dll

2012-09-27 07:49:06 ----A---- C:\Windows\system32\ztvunrar36.dll

2012-09-27 07:49:06 ----A---- C:\Windows\system32\ztvunace26.dll

2012-09-27 07:49:06 ----A---- C:\Windows\system32\ztv7z.dll

2012-09-27 07:49:05 ----A---- C:\Windows\system32\ztvcabinet.dll

2012-09-27 07:49:05 ----A---- C:\Windows\system32\UNRAR3.dll

2012-09-27 07:49:05 ----A---- C:\Windows\system32\unacev2.dll

2012-09-27 07:49:02 ----D---- C:\ProgramData\Simply Super Software

2012-09-27 07:49:02 ----D---- C:\Program Files\Trojan Remover

2012-09-27 03:02:33 ----A---- C:\Windows\system32\vbscript.dll

2012-09-27 03:02:33 ----A---- C:\Windows\system32\mshtmled.dll

2012-09-27 03:02:31 ----A---- C:\Windows\system32\ieui.dll

2012-09-27 03:02:30 ----A---- C:\Windows\system32\jsproxy.dll

2012-09-27 03:02:30 ----A---- C:\Windows\system32\ieUnatt.exe

2012-09-27 03:02:29 ----A---- C:\Windows\system32\msfeeds.dll

2012-09-27 03:02:28 ----A---- C:\Windows\system32\wininet.dll

2012-09-27 03:02:27 ----A---- C:\Windows\system32\jscript.dll

2012-09-27 03:02:26 ----A---- C:\Windows\system32\url.dll

2012-09-27 03:02:26 ----A---- C:\Windows\system32\jscript9.dll

2012-09-27 03:02:24 ----A---- C:\Windows\system32\iertutil.dll

2012-09-27 03:02:22 ----A---- C:\Windows\system32\urlmon.dll

2012-09-27 03:02:18 ----A---- C:\Windows\system32\ieframe.dll

2012-09-27 03:02:17 ----A---- C:\Windows\system32\mshtml.dll

2012-09-26 20:23:15 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys

2012-09-26 20:17:13 ----D---- C:\Program Files\iPod

2012-09-26 20:16:58 ----D---- C:\Program Files\iTunes

2012-09-26 20:12:49 ----D---- C:\Program Files\Apple Software Update

2012-09-26 09:30:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware(362)

2012-09-25 10:31:45 ----D---- C:\Program Files\doubleTwist 2.0

2012-09-25 09:56:54 ----D---- C:\Users\Collin\AppData\Roaming\BitTorrent

2012-09-22 17:38:25 ----D---- C:\Program Files\MediaMall

2012-09-22 17:36:20 ----D---- C:\ProgramData\MediaMall

2012-09-19 13:45:20 ----D---- C:\Program Files\iPod(360)

2012-09-19 13:45:13 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-19 13:45:13 ----D---- C:\Program Files\iTunes(361)

======List of files/folders modified in the last 1 month======

2012-10-04 07:24:10 ----D---- C:\Windows\Prefetch

2012-10-04 07:23:50 ----RD---- C:\Program Files

2012-10-04 07:21:02 ----SHD---- C:\Windows\Installer

2012-10-04 07:19:21 ----SHD---- C:\System Volume Information

2012-10-01 18:51:05 ----D---- C:\Windows\system32\drivers

2012-10-01 18:50:57 ----D---- C:\Windows

2012-10-01 18:40:21 ----A---- C:\Windows\system.ini

2012-10-01 18:39:13 ----D---- C:\Windows\system32\drivers\etc

2012-10-01 18:37:36 ----D---- C:\ProgramData

2012-10-01 18:34:33 ----D---- C:\Windows\System32

2012-10-01 18:34:30 ----SD---- C:\Windows\Downloaded Program Files

2012-10-01 18:26:55 ----D---- C:\Windows\AppPatch

2012-10-01 18:26:51 ----D---- C:\Program Files\Common Files

2012-10-01 17:48:11 ----D---- C:\Windows\inf

2012-10-01 17:33:10 ----D---- C:\ProgramData\CanonIJPLM

2012-09-27 19:37:00 ----D---- C:\Program Files\Java

2012-09-27 08:47:47 ----D---- C:\Windows\system32\catroot

2012-09-27 03:27:01 ----D---- C:\Program Files\Microsoft Silverlight

2012-09-27 03:22:47 ----D---- C:\Windows\system32\migration

2012-09-27 03:22:21 ----D---- C:\Program Files\Internet Explorer

2012-09-27 03:05:01 ----D---- C:\Windows\winsxs

2012-09-27 03:04:07 ----D---- C:\Windows\system32\catroot2

2012-09-26 20:23:15 ----DC---- C:\Windows\system32\DRVSTORE

2012-09-26 20:17:03 ----D---- C:\Program Files\Common Files\Apple

2012-09-26 20:13:03 ----D---- C:\Windows\system32\Tasks

2012-09-26 19:57:07 ----D---- C:\Users\Collin\AppData\Roaming\Apple Computer

2012-09-26 19:37:27 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2012-09-26 17:09:48 ----D---- C:\Windows\system32\config

2012-09-26 17:09:09 ----RSD---- C:\Windows\Media

2012-09-26 17:09:09 ----D---- C:\Windows\Tasks

2012-09-26 17:09:09 ----D---- C:\Windows\system32\wbem

2012-09-26 17:09:09 ----D---- C:\Windows\system32\spool

2012-09-26 17:09:09 ----D---- C:\Windows\system32\Msdtc

2012-09-26 17:09:09 ----D---- C:\Windows\system32\CodeIntegrity

2012-09-26 17:09:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-09-26 17:08:55 ----D---- C:\Program Files\7-Zip

2012-09-26 17:08:49 ----D---- C:\Windows\registration

2012-09-26 16:39:58 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-09-26 09:21:54 ----D---- C:\Windows\Debug

2012-09-25 11:41:48 ----SD---- C:\Users\Collin\AppData\Roaming\Microsoft

2012-09-25 11:30:13 ----D---- C:\Program Files\Common Files\Adobe

2012-09-25 11:03:41 ----RSD---- C:\Windows\assembly

2012-09-25 10:31:32 ----D---- C:\Users\Collin\AppData\Roaming\OpenCandy

2012-09-22 17:34:03 ----D---- C:\Windows\Downloaded Installations

2012-09-12 03:11:47 ----D---- C:\ProgramData\Microsoft Help

2012-09-12 03:02:41 ----A---- C:\Windows\system32\mrt.exe

2012-09-10 11:48:35 ----D---- C:\ProgramData\Samsung

2012-09-10 11:40:42 ----D---- C:\Program Files\Samsung

2012-09-10 07:30:00 ----D---- C:\AllShare Play

2012-09-05 09:47:02 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS [2011-01-26 340088]

R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS [2011-03-14 744568]

R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [2012-09-19 995488]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-08-09 376480]

R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121003.001\IDSvix86.sys [2012-09-25 386720]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS [2011-03-30 50168]

R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS [2010-11-15 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS [2011-04-20 331384]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 761856]

R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]

R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424]

R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168]

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 106656]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]

R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]

R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121003.032\NAVENG.SYS [2012-09-26 92704]

R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121003.032\NAVEX15.SYS [2012-09-26 1601184]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-06 1059112]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]

R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [2011-03-30 516216]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-10-19 126584]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]

R3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-09 176640]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]

S3 motandroidusb;Mot ADB Interface Driver; C:\Windows\System32\Drivers\motoandroid.sys [2009-07-10 25856]

S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]

S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]

S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]

S3 MotoSwitchService;MotoSwitch Service; C:\Windows\system32\DRIVERS\motswch.sys [2007-11-02 6400]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]

S3 MusCAudio;MusCAudio; C:\Windows\system32\drivers\MusCAudio.sys [2010-09-11 23608]

S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []

S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-10 15872]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-07-09 44032]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]

S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]

R2 dlbc_device;dlbc_device; C:\Windows\system32\dlbccoms.exe [2007-03-01 538096]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]

R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]

R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]

R2 N360;Norton Business Suite; C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-16 130008]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]

R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 821648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]

S2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 250288]

S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]

S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-04-16 246520]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2009-02-19 3220856]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2009-02-19 238968]

-----------------EOF-----------------

Thanks for your help so far.


I see a utility Trojan Remover {trojan scanner} in your startup programs.

The bona fides of that utility are unknown to me. If you did not buy it, please uninstall it and then restart the system.

Step 2

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 3

Next, do this:

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Make sure Proxy servers block is not selected (not checkmarked).

6. Apply changes & OK

Step 4

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the latest MBAM scan log in a new reply, for my review.

Step 5

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 6

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, right-click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Step 7

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Copy & Paste the contents of OTL.txt + Extras.txt into a new reply.
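The LAN-settings check in step 3 and the firewall policy that FSS reports in step 6 can be repeated from a script once cleanup is done. The following is an added example, not part of the helper's post or of any tool named in it; it assumes Windows PowerShell (2.0 or later, so it runs on this Vista machine) started elevated so the HKLM firewall policy key is readable, and it reads the standard WinINet and Windows Firewall policy registry locations for the current user.

```powershell
# Added example (not the helper's code): report the same settings the post has the
# user verify by hand in Internet Options > Connections > LAN Settings, plus the
# EnableFirewall policy value FSS prints. Read-only; it changes nothing.

function Get-IeProxyState {
    # Per-user WinINet settings; a search hijacker that inserts a proxy or a
    # PAC script normally writes here for the infected user.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # "Automatically detect settings" is not a named value: it is bit 0x08 of
    # byte 8 of the DefaultConnectionSettings blob (0x02 = manual proxy,
    # 0x04 = "Use automatic configuration script").
    $conn = Get-ItemProperty -Path "$key\Connections" -ErrorAction SilentlyContinue
    $flags = 0
    if ($conn -and $conn.DefaultConnectionSettings -and
        $conn.DefaultConnectionSettings.Length -gt 8) {
        $flags = [int]$conn.DefaultConnectionSettings[8]
    }

    New-Object PSObject -Property @{
        ProxyEnabled  = ([int]$p.ProxyEnable -eq 1)
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        AutoDetect    = (($flags -band 0x08) -ne 0)
        UsesPacScript = (($flags -band 0x04) -ne 0)
    }
}

function Get-FirewallPolicyState {
    # FSS reads exactly this key; EnableFirewall=0 means that profile's
    # firewall is off (the log above shows it for StandardProfile).
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'StandardProfile', 'DomainProfile', 'PublicProfile') {
        $v = Get-ItemProperty -Path "$base\$profile" -Name EnableFirewall -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Profile        = $profile
            EnableFirewall = $(if ($v) { $v.EnableFirewall } else { '(not set)' })
        }
    }
}

# Everything below should come back clean on a machine where step 3 was done:
# no PAC URL, no manual proxy, auto-detect off.
$proxy = Get-IeProxyState
$proxy | Format-List ProxyEnabled, ProxyServer, AutoConfigURL, AutoDetect, UsesPacScript

if ($proxy.AutoConfigURL -or $proxy.UsesPacScript) {
    Write-Warning "Automatic configuration script is set: $($proxy.AutoConfigURL)"
}
if ($proxy.ProxyEnabled) {
    Write-Warning "Manual proxy is enabled: $($proxy.ProxyServer)"
}
if ($proxy.AutoDetect) {
    Write-Warning '"Automatically detect settings" is still checked'
}

# Any profile reporting 0 matches the "Windows Firewall Disabled!" finding.
Get-FirewallPolicyState | Format-Table Profile, EnableFirewall -AutoSize
```

Run it once for each user account on the machine, since the proxy values are stored under HKCU and a hijacker may have set them for a different profile than the one you are logged into.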


Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.04.10

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Collin :: COLIN [administrator]

Protection: Disabled

10/4/2012 11:46:14 AM

mbam-log-2012-10-04 (11-46-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208373

Time elapsed: 9 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Collin\Downloads\FlvPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)


Results of screen317's Security Check version 0.99.51

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Norton Business Suite

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

CCleaner

Adobe Flash Player 11.4.402.278

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 19-09-2012

Ran by Collin (administrator) on 04-10-2012 at 12:49:34

Running from "C:\Users\Collin\Downloads"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


OTL logfile created on: 10/4/2012 12:53:29 PM - Run 1

OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Collin\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.32% Memory free

6.08 Gb Paging File | 5.04 Gb Available in Paging File | 82.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.28 Gb Total Space | 17.93 Gb Free Space | 13.06% Space Free | Partition Type: NTFS

Drive D: | 11.77 Gb Total Space | 1.99 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: COLIN | User Name: Collin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/04 12:51:03 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Collin\Downloads\OTL.exe

PRC - [2012/09/16 14:46:15 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccsvchst.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

PRC - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2007/03/01 16:52:04 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2007/12/19 19:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

========== Services (SafeList) ==========

SRV - [2012/09/26 19:37:30 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)

SRV - [2009/02/19 13:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2009/02/19 13:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)

SRV - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007/03/01 16:52:04 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/09/26 16:24:50 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121004.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/09/26 16:24:49 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121004.002\NAVENG.SYS -- (NAVENG)

DRV - [2012/09/25 15:37:04 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121003.001\IDSvix86.sys -- (IDSVix86)

DRV - [2012/09/19 22:28:58 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/08/09 07:12:16 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/08/09 07:12:16 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/10/19 10:49:15 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2011/04/20 18:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)

DRV - [2011/04/04 15:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)

DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)

DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)

DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)

DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)

DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)

DRV - [2010/09/11 08:04:34 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MusCAudio.sys -- (MusCAudio)

DRV - [2009/07/10 14:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)

DRV - [2009/05/08 12:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)

DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)

DRV - [2008/12/04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2007/12/06 13:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)

DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/09/09 15:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)

DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)

DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/03/06 19:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/02/16 14:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E}

IE - HKLM\..\SearchScopes\{3925FC94-8FDF-4529-82E1-B1E9CBBB30D1}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392

IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

IE - HKLM\..\SearchScopes\{C36CE9A6-1529-404B-B2A2-1F95AEF0F71F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*;*.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51210

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Collin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Collin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/01 07:55:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/09/26 17:09:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/10/04 12:30:33 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/01 07:55:52 | 000,000,000 | ---D | M]

[2011/12/20 10:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/02/08 10:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}

[2007/08/24 19:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll

[2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll

[2008/01/07 17:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

[2011/01/18 18:23:39 | 001,286,144 | ---- | M] (Cartesian Products, Inc. For more information, visit http://www.cartesianinc.com) -- C:\Program Files\mozilla firefox\plugins\NPCPC32.dll

[2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

[2011/09/29 16:58:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.yahoo.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll

CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll

CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Google Calendar = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\

CHR - Extension: Isoball 3 = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\

CHR - Extension: Google Play Music = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\

CHR - Extension: Autodesk Homestyler = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\

CHR - Extension: Google Maps = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\

CHR - Extension: Gmail = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/01 18:39:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Business Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Unable to open value key)

O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab (ZPA_DMNO Object)

O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Unable to open value key)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Unable to open value key)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Unable to open value key)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8135E2CF-7040-4017-A442-4F0357762DA7}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Collin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Collin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/10 11:27:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/04 07:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012/10/04 07:23:48 | 000,000,000 | ---D | C] -- C:\rsit

[2012/10/01 19:34:47 | 000,000,000 | ---D | C] -- C:\N360_BACKUP

[2012/10/01 18:50:57 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/10/01 18:39:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/10/01 18:35:53 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\temp

[2012/10/01 18:10:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/10/01 18:10:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/10/01 18:10:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/10/01 17:57:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/10/01 17:51:30 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\Avg2013

[2012/10/01 17:38:45 | 004,759,381 | R--- | C] (Swearware) -- C:\Users\Collin\Desktop\ComboFix.exe

[2012/10/01 09:17:48 | 000,000,000 | ---D | C] -- C:\Users\Collin\Desktop\RK_Quarantine

[2012/10/01 09:13:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/10/01 09:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/10/01 09:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/09/27 12:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender

[2012/09/27 08:14:45 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\TuneUp Software

[2012/09/27 08:01:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/09/27 08:01:35 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\MFAData

[2012/09/27 08:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/09/27 07:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/09/27 03:02:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/09/27 03:02:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/09/27 03:02:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/09/27 03:02:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/09/27 03:02:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012/09/27 03:02:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/09/27 03:02:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/09/27 03:02:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/09/26 20:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/09/26 20:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/09/26 20:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/09/26 20:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2012/09/26 09:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(362)

[2012/09/25 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\doubleTwist 2.0

[2012/09/25 10:04:08 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\AirParrot

[2012/09/25 09:56:54 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\BitTorrent

[2012/09/22 17:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMall

[2012/09/22 17:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall

[2012/09/19 13:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(360)

[2012/09/19 13:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(361)

[2012/09/19 13:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012/09/05 09:48:04 | 000,000,000 | --SD | C] -- C:\Users\Collin\Google Drive

[2012/09/05 09:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

[2012/09/04 16:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

[2012/09/04 16:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2012/09/04 15:58:12 | 000,000,000 | ---D | C] -- C:\Upload

[2012/09/04 15:53:21 | 000,000,000 | ---D | C] -- C:\AllShare Play

========== Files - Modified Within 30 Days ==========

[2012/10/04 12:52:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/10/04 12:36:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/10/04 12:31:56 | 000,103,550 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012/10/04 12:30:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/10/04 12:30:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/10/04 12:30:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/10/04 12:29:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/10/04 12:28:40 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/10/04 12:05:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000UA.job

[2012/10/04 11:37:09 | 000,103,550 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012/10/04 11:15:09 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2012/10/03 20:23:37 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750453361-2573893903-1094557867-1000Core.job

[2012/10/01 20:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Collin.job

[2012/10/01 18:39:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/10/01 17:39:01 | 004,759,381 | R--- | M] (Swearware) -- C:\Users\Collin\Desktop\ComboFix.exe

[2012/09/27 08:21:21 | 000,002,009 | ---- | M] () -- C:\Users\Collin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/09/26 20:23:25 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/09/26 19:37:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/09/26 19:37:26 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/09/26 16:39:58 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/09/26 16:39:58 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/09/18 09:53:12 | 000,002,627 | ---- | M] () -- C:\Users\Collin\Desktop\Microsoft Office Word 2007.lnk

[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/09/05 21:42:30 | 002,709,771 | ---- | M] () -- C:\Users\Collin\Desktop\ash canon 2012 part 2 163 (2).jpg

[2012/09/04 13:18:17 | 000,107,520 | ---- | M] () -- C:\Users\Collin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2049/12/31 16:00:00 | 000,064,385 | ---- | C] () -- C:\Users\Collin\Documents\image014.jpg

[2012/10/01 18:10:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/10/01 18:10:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/10/01 18:10:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/10/01 18:10:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/10/01 18:10:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/09/26 20:23:24 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/09/26 20:12:51 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012/09/05 21:42:36 | 002,709,771 | ---- | C] () -- C:\Users\Collin\Desktop\ash canon 2012 part 2 163 (2).jpg

[2012/09/04 16:02:44 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2012/03/23 17:56:17 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7

[2011/12/01 10:49:29 | 000,000,000 | ---- | C] () -- C:\Users\Collin\AppData\Local\{3CD2CB79-F946-46D8-802D-750142418466}

[2011/08/21 07:28:18 | 000,000,772 | ---- | C] () -- C:\Users\Collin\BitTorrent.lnk

[2011/08/16 19:09:28 | 000,001,928 | ---- | C] () -- C:\Users\Collin\Launch iRemote.exe.lnk

[2011/08/16 18:42:22 | 000,000,840 | ---- | C] () -- C:\Users\Collin\GmoteServer.lnk

[2011/05/26 20:09:19 | 000,000,000 | ---- | C] () -- C:\Users\Collin\AppData\Local\{E4385BC2-843A-43B3-A587-D1234CCD2EC7}

[2011/05/19 20:15:10 | 000,001,940 | ---- | C] () -- C:\Users\Collin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/12/28 11:46:15 | 000,001,600 | ---- | C] () -- C:\Users\Collin\Tunatic.lnk

[2010/04/02 09:44:50 | 000,024,206 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\UserTile.png

[2010/04/02 09:27:22 | 000,002,270 | ---- | C] () -- C:\Users\Collin\Norton Business Suite.lnk

[2010/04/02 09:24:45 | 000,000,940 | ---- | C] () -- C:\Users\Collin\Norton Installation Files.lnk

[2009/07/22 15:55:16 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2009/06/05 01:02:47 | 000,000,680 | ---- | C] () -- C:\Users\Collin\AppData\Local\d3d9caps.dat

[2009/02/22 04:03:12 | 000,103,550 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/02/22 04:03:12 | 000,103,550 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008/08/27 11:17:08 | 000,001,402 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\wklnhst.dat

[2008/06/07 14:51:50 | 000,000,935 | ---- | C] () -- C:\Users\Collin\DivX Player.lnk

[2008/06/07 14:51:36 | 000,000,946 | ---- | C] () -- C:\Users\Collin\DivX Converter.lnk

[2008/04/25 15:00:38 | 000,000,751 | ---- | C] () -- C:\Users\Collin\Windows Mobile Device Center.lnk

[2008/04/25 14:36:58 | 000,002,335 | ---- | C] () -- C:\Users\Collin\Windows Mobile® Device Handbook.lnk

[2008/04/18 13:04:34 | 000,027,430 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\nvModes.001

[2008/04/17 22:02:09 | 000,107,520 | ---- | C] () -- C:\Users\Collin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/17 21:29:06 | 000,027,430 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/14 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Amazon

[2012/10/01 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\BitTorrent

[2010/04/11 22:15:46 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Canon

[2011/06/02 19:31:01 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\com.amazon.music.uploader

[2011/12/20 12:27:46 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Dolphin3D Web Browser

[2010/08/04 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\DriverCure

[2011/12/14 12:51:25 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Dropbox

[2010/11/03 13:41:14 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\DVDVideoSoftIEHelpers

[2011/12/26 10:50:15 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Fiabee

[2010/03/24 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\GARMIN

[2012/06/01 07:55:38 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Gmote

[2011/01/18 18:24:37 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\ICAClient

[2011/08/16 19:17:40 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\iRemote for iTunes

[2010/03/28 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\MyPublisher

[2012/09/25 10:31:32 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\OpenCandy

[2011/12/20 10:38:33 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Opera

[2010/04/02 09:44:50 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\PeerNetworking

[2012/08/05 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Samsung

[2008/08/27 11:17:10 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Template

[2010/04/20 17:27:42 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Tific

[2011/05/05 09:29:19 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\ToddCD

[2012/09/27 08:14:45 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\TuneUp Software

[2012/03/24 10:19:46 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\TwonkyMedia

[2008/05/03 12:38:51 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\WildTangent

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 10/4/2012 12:53:29 PM - Run 1

OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Collin\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.32% Memory free

6.08 Gb Paging File | 5.04 Gb Available in Paging File | 82.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.28 Gb Total Space | 17.93 Gb Free Space | 13.06% Space Free | Partition Type: NTFS

Drive D: | 11.77 Gb Total Space | 1.99 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: COLIN | User Name: Collin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Unable to open value key

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Unable to open value key

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Unable to open value key

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02254587-0660-42E2-A37D-6375E23851DD}" = lport=9055 | protocol=6 | dir=in | name=beam tcp 9055 |

"{0677E3C2-8191-4AC5-8077-B269C3CD637A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{1048B93F-F25C-4B76-983F-E769023A3342}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{114877F6-5723-48D9-AB38-2F38CB63A45E}" = rport=137 | protocol=17 | dir=out | app=system |

"{15EA62F3-F732-4556-9BCA-203D4F569A5B}" = lport=9000 | protocol=6 | dir=in | name=beam tcp 9000 |

"{2096CDB6-5948-4AE4-ABFD-39AF87DE675E}" = lport=9085 | protocol=6 | dir=in | name=beam tcp 9085 |

"{21E4D81C-91D0-46F4-8EF5-5660B485A679}" = lport=9443 | protocol=6 | dir=in | name=beam tcp https 9443 |

"{3495FFB6-A8E7-48D8-BC93-24C00AA0CF2C}" = rport=139 | protocol=6 | dir=out | app=system |

"{39AE9DA6-B915-4BFC-9167-B5FBFA358750}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{452E512B-33B0-4A18-989C-9811F3F1347A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{472C51F8-2848-408C-9D25-6D02BF8CDAD6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{4E16EF43-111D-4785-9AA2-FA6B8DB678EF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{508825AB-E107-42BD-ACE7-6068FBBA2548}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{52241BCC-6159-4AFD-9D87-4F9799C72F01}" = lport=1900 | protocol=17 | dir=in | name=beam udp 1900 |

"{544286C3-1749-41DB-8A7F-DF436DD1E6E9}" = lport=138 | protocol=17 | dir=in | app=system |

"{67E015C5-4EDF-42C8-8F59-3B4407AE65B0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{6823B451-165A-4FE7-9646-9CD46BFFB1D9}" = lport=9050 | protocol=6 | dir=in | name=beam tcp 9050 |

"{68EBB60D-DA90-4C61-B7D6-220DA20D2D22}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{6E33BDC6-7E67-4B17-B7E0-DB88FA19AD92}" = lport=80 | protocol=6 | dir=in | name=www |

"{73B7110B-7BC8-445F-B74B-0404D6370E0A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{853A796D-36A5-4470-A26F-0A6C18FB2C8F}" = rport=2869 | protocol=6 | dir=out | app=system |

"{8E524E5D-5690-4D91-8948-1D70197910E4}" = rport=445 | protocol=6 | dir=out | app=system |

"{8EB750E5-EE4C-481E-A1CB-E80043ACD48E}" = lport=137 | protocol=17 | dir=in | app=system |

"{9118B4D4-9F38-4A6A-9841-58766684F6CF}" = rport=138 | protocol=17 | dir=out | app=system |

"{92466AFE-B69A-4856-B46C-5D2351313096}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{9722C6D7-825D-4675-9E88-E2E5A8124B36}" = lport=1030 | protocol=17 | dir=in | name=beam udp 1030 |

"{9C481934-9713-49C5-B638-C9CEA536E1B9}" = lport=139 | protocol=6 | dir=in | app=system |

"{A9037044-09A0-4E44-9BEA-87EA2D117328}" = lport=445 | protocol=6 | dir=in | app=system |

"{B1C066B0-EE09-4400-8202-581818BE9DB3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{B232CBA1-55D5-4BE3-8546-2ABDEDA55007}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B30ACFF0-4677-4F7B-89C7-40D8B010E787}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{B5712F92-9986-4F4E-96B7-7A6E15EBE9A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B5CB7914-BEAF-4506-A4A7-F30A35A61044}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B764F5F5-E089-4CA3-8508-139B574E7BAF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{B944D51C-5A39-4322-A21A-82D5A8E5F5C4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{C35F8CA4-CFFC-4A03-8152-E02DD3FC57D3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{C4F80C78-B281-486D-92ED-06E601A7C3B9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{CA650904-E158-4816-A588-38593DF2BA8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{E45E0C87-DA1A-4446-9A17-614F961CE32C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{F463A639-6845-46B3-9C8E-E2FE4FF77D9A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{020E0190-83A6-468E-B977-963D77083EA7}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |

"{0429329E-0464-4D91-A359-809821A0E16F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{04445D45-6A4A-4069-887D-60F4CE32DD59}" = protocol=6 | dir=in | app=c:\users\collin\appdata\roaming\dropbox\bin\dropbox.exe |

"{0444A7E2-A0E6-4AC9-9088-FFC8612BEC68}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |

"{05D3FAA0-F2DC-432F-AA2B-6F565814D674}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{0DD5D4E9-8A6A-4948-AA6D-CF431C256FD9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{0DF5A112-97C8-40F0-B2FC-F41D6F056169}" = protocol=17 | dir=in | app=c:\users\collin\appdata\roaming\dropbox\bin\dropbox.exe |

"{13C48498-D088-402E-B4F4-B5445DEBD5B5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{16AA263D-9033-4D93-95CA-B8B3A1529993}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{22E0E9D6-8490-43C6-9CB0-F0014A2FE810}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{23CA9194-7DD8-4BFC-AEC4-0B6BA30A5D1C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{2B0B2066-EF4B-45A1-AF9D-519EF6AAB05E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{2E5387CF-ABEA-4D3C-A958-B1DDBF35A2FF}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe |

"{2FFE2449-05F4-431E-B5AA-DAF630828DF1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{37BFC098-018C-41B4-9AE7-DC0738B8C973}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{3AF4F8A4-CCDD-4A39-A1FC-977548871D41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{3E98C6C4-15B9-4051-A23F-F6D0F715A23D}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.1.01\allshareframeworkdms.exe |

"{3F48D01A-C436-4493-B7B1-82101C466DDC}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{40467612-7581-434E-9A45-61BF3D30B60C}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |

"{44564AEB-1026-4E6F-A166-B1C3AF12E200}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |

"{467DC32E-D49C-41CC-A812-D199D77E1EFC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{4703DB67-0E93-4BA5-A96F-6E06DA4F9816}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{4D06C5FC-6852-4A34-A088-73590BE088A1}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe |

"{5872FA9E-0538-4BF0-B2AB-38465D1DC56F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |

"{5D64007D-FE46-4585-B943-284AEDFD7A28}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{5F0600D4-CEE0-4818-AD9F-833D0A478A5C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{5F2FC6C5-C321-4CD5-9365-5673AEF1C565}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{6547955F-23D1-4537-BC83-21F8E30D11F1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{661FCB3F-89E7-43A9-A4A5-7B0B28CE0276}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{68E9D3A7-3244-465B-8205-1872074419B7}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |

"{6925F328-E549-4BBA-9613-3F37EB3D7FD4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{6D8B9C40-58D9-463E-9924-D609C410A883}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{719515F5-79A2-4D47-A8FF-86CAFE1FB1B8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{77403D5F-6275-4BF9-850C-91F062BD4BCB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{7A44CBBC-411E-4354-8062-AD28FD338EB7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{7BBCB8AE-ADBE-4E95-A333-27A3C09D875A}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.1.01\allshareframeworkdms.exe |

"{87F79AD1-BD21-476A-B516-B972E3FF6F28}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8A22E4C1-35A0-4595-A65E-34ABCE509F9C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{93CFB6D0-CC6F-4C1D-BF8B-58F50A13D5BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{959D99AA-99C5-41F6-BF3F-D06F51DCD66B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{98E8A84D-2886-4508-829B-F6850DD9EB4A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{9EF89A66-9698-4353-959C-C3313B2EC120}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{A128E15A-21E5-4116-B0EE-7525F3819603}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{A19CC7D8-AD09-41B8-B3A5-E326AF960F2F}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |

"{AAE8AB9F-8CB6-4F64-A12C-32FAC604B459}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{AD6604CC-C00B-4FA2-A352-506FA4E774FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{B53F0FD3-E7F1-4D6F-8259-84C9CCC3E5CC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{B576D741-6854-4188-9EEF-727EC31E27C1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B5875C76-9F0B-40BC-B49F-2D2F626C6AF6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{B9828DD8-6D70-4375-9636-CE373C14E3C5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{BA5EEA2E-05C8-4EB9-8076-7EFE11E3E863}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C35E272C-EAC3-41EE-AFD3-983BC5B19A4D}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |

"{C3A17885-2006-44A0-BBCE-CB704CC63323}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{C56342BC-3F8B-4EB8-A499-E400EFFC7DFD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{C7B8B992-BB38-45D5-B85A-9451546231F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{CC562A60-C696-45FE-83ED-D811A8664BC2}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |

"{CCA180A2-1BAC-4810-B999-030CEA296419}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{CD8F35A9-B415-4E0C-B6CD-69B3165FCDA9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{CD9B3E7A-2547-44F3-B1E2-792F9CC36ADD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D17547D8-3C6E-484B-A190-E230CFE1985C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{D3C2FAF9-630A-4C1F-B98B-2952DA65F1F3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{D528AE86-7F2B-46C5-B833-EA86D2E7A3E8}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{D6D02677-CB86-48BF-8F3D-B93177DA81FD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{D822A908-F09D-42F0-AAE0-F47B3B68FE5F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{DD2C67BA-446D-4A03-9B3D-6F283C62EBB2}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |

"{DD2E5FD2-CA66-4C02-8206-F1F49287F605}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{DFD1016D-6848-43FA-8D4F-76CC5BA5B7F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E6737F36-9699-4C47-A1B9-2CC61606C6A7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{E9DB6F85-A56B-4119-83A7-ED8E21FF31AD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{EBD79006-D140-4DD3-8BA5-44078780CFEE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{EBE328C8-B33D-4C0F-AEDF-8F1E03417DFE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{F3E5414A-3770-4806-9746-BFA96A796EB3}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |

"{F4E42785-A91D-44E7-BA6E-3B49D8976FAD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{F55BC89E-745A-4208-88C6-B6558614481F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{FC0B351C-91E1-4080-BEE5-BEB2DCDF064F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FCE21A2C-A02C-4786-A723-919B1FD4DB2F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"TCP Query User{00BFBE1D-A163-4B1F-AFE6-FA8E884C1074}C:\program files\skifta\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\skifta\jre\bin\javaw.exe |

"TCP Query User{2CCF4357-54B8-4415-A930-C2F15E249CEF}C:\program files\twonky\twonkymanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files\twonky\twonkymanager\twonkymanager.exe |

"TCP Query User{7C424AFD-F63D-439B-A0D2-EC7BD72CE333}C:\users\collin\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\collin\program files\dna\btdna.exe |

"TCP Query User{FD3970CA-5268-46BB-8597-943E5F2109D0}C:\program files\twonky\twonkymanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files\twonky\twonkymanager\twonkyrenderer.exe |

"UDP Query User{02443913-18D6-4D97-81E7-CF3C8294B754}C:\program files\skifta\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\skifta\jre\bin\javaw.exe |

"UDP Query User{1E667E61-953A-4D9C-A20D-23343407BD5C}C:\program files\twonky\twonkymanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files\twonky\twonkymanager\twonkymanager.exe |

"UDP Query User{1F50AA13-275F-42E6-9E1B-7A7A7253891C}C:\users\collin\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\collin\program files\dna\btdna.exe |

"UDP Query User{B470C488-8F62-4AA8-BDCE-B360E4CB766A}C:\program files\twonky\twonkymanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files\twonky\twonkymanager\twonkyrenderer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1B15D991-5619-4BC1-B71E-3DE793B792FC}" = ArcSoft MediaConverter 2

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support

"{2DAFF979-5A46-44FA-B431-DAB8F0580683}" = RSDLite

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{42ACCB45-3363-47E0-94E9-F0074CC8BC56}" = Citrix Presentation Server Client

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6C12B6BF-3891-497B-B5CA-3D64DA093947}" = Motorola Mobile Drivers Installation 5.4.0

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91660892-8B9D-4C01-8ED8-6567447937EC}" = iRemote

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9DC9256-709F-4BEA-B39D-4F11D90585AA}" = HP Smart Web Printing

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer

"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant

"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.20

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17

"AppInventor Setup" = AppInventor Setup

"Canon MP240 series User Registration" = Canon MP240 series User Registration

"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CCleaner" = CCleaner

"Cisco Connect" = Cisco Connect

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"CPC View Plugin" = CPC Lite Plugin

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"ERUNT_is1" = ERUNT 1.1j

"Google Updater" = Google Updater

"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Basic)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MotoHelper" = MotoHelper 2.0.40 Driver 4.8.0

"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0

"N360" = Norton Business Suite

"NVIDIA Drivers" = NVIDIA Drivers

"PROR" = Microsoft Office Professional 2007

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"Skifta" = Skifta

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WildTangent hp Master Uninstall" = HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"MusicManager" = Music Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/31/2012 10:47:01 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 16941

Error - 7/31/2012 10:47:02 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2012 10:47:02 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 17955

Error - 7/31/2012 10:47:02 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 17955

Error - 7/31/2012 10:47:03 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2012 10:47:03 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 18969

Error - 7/31/2012 10:47:03 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 18969

Error - 7/31/2012 10:47:04 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2012 10:47:04 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 19968

Error - 7/31/2012 10:47:04 PM | Computer Name = Colin | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 19968

[ Media Center Events ]

Error - 5/19/2008 7:08:32 PM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 5/26/2008 11:19:56 AM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 3:57:01 AM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 6/9/2008 7:16:21 AM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/31/2008 6:01:29 AM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 1/29/2009 11:20:35 AM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 3/5/2009 1:36:14 PM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 4/1/2009 9:19:54 AM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 5/17/2009 1:37:27 AM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 6/9/2009 2:44:25 PM | Computer Name = Colin | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 10/1/2012 11:10:17 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7001

Description =

Error - 10/2/2012 8:11:28 PM | Computer Name = Colin | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 10/4/2012 2:21:49 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7000

Description =

Error - 10/4/2012 2:22:59 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7022

Description =

Error - 10/4/2012 2:22:59 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7001

Description =

Error - 10/4/2012 2:33:40 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7034

Description =

Error - 10/4/2012 2:37:32 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7000

Description =

Error - 10/4/2012 3:31:44 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7000

Description =

Error - 10/4/2012 3:33:20 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7009

Description =

Error - 10/4/2012 3:33:20 PM | Computer Name = Colin | Source = Service Control Manager | ID = 7000

Description =

< End of report >


Hello Collin,

Older versions of Adobe Reader pose a potential security risk.

Uninstall your Adobe Reader: use Control Panel's Programs and Features to uninstall Adobe Reader.

Get the latest Adobe Reader version:

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered).

Step 2

Temporarily disable your Norton antivirus, and Norton script blocker (if any)

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator.)
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :otl
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
    :files
    C:\Users\Collin\AppData\Roaming\BitTorrent
    C:\Users\Collin\AppData\Roaming\OpenCandy
    recycler /alldrives
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right-click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button.
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized: temporarily disable any PC-resident (active) antivirus program prior to any online scan by any online scanner, and promptly re-enable it when finished.
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log

and advise me, Is the Snap.do gone ?

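The fix script above removes three things by hand: an IE SearchScopes entry whose URL points at a Conduit search page, a Chrome plugin living under an extension directory, and a few leftover folders. The DDS "Pseudo HJT Report" later in this thread shows the same kind of lines, plus a ProxyServer setting pointing at a loopback port. As an added example (not part of the thread, and not code from OTL, DDS or Malwarebytes), here is a small Python triage script that runs those checks over pasted DDS/OTL-style log lines and reports what a helper would want to look at: the SearchScopes GUID and URL, the Chrome extension ID extracted from the plugin path, a hijacked start page, and any configured proxy with a note on whether it points at the local machine. The sample log is constructed from the entries in this thread; the full search.conduit.com URL is an assumption (the thread's log shows it truncated), and the SUSPECT_HOSTS indicator list is a hypothetical starting point, not a vendor signature set.

```python
"""Triage DDS / OTL style log lines for browser search-hijack indicators.

Added example for this thread; it is not code from the forum, OTL, DDS or
Malwarebytes. It only reads text, so it runs on any platform.
"""
import re
from dataclasses import dataclass
from typing import List

# Assumption: a hypothetical starting list of hijacker indicators, taken from
# names that appear in this thread's logs. Extend as needed.
SUSPECT_HOSTS = ("conduit", "snap.do", "snapdo", "searchsuite")

# Constructed sample modelled on the log lines in this thread. The full
# search.conduit.com URL is an assumption (the thread's log shows it truncated).
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/?q={searchTerms}&ctid=CT2790392
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmnjbmphbleidpnikdjpjgpcfbabcndn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:51210
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
"""


@dataclass
class Finding:
    kind: str     # ie_searchscope | chrome_plugin | start_page | proxy
    detail: str   # what to inspect in the registry or browser profile
    line: str     # the log line that triggered it


# IE search provider: HKLM\..\SearchScopes\{GUID}: "URL" = <url>
SEARCHSCOPE_RE = re.compile(r'SearchScopes\\(\{[0-9A-Fa-f-]+\}):\s*"URL"\s*=\s*(\S+)')
# Chrome plugin / extension entry: CHR - plugin: <name> (Enabled) = <path>
CHROME_RE = re.compile(r'CHR - (?:plugin|Extension): (.+?) \((Enabled|Disabled)\)\s*=\s*(.+)')
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r'Extensions\\([a-p]{32})\\')
PROXY_RE = re.compile(r'Internet Settings,ProxyServer\s*=\s*(\S+)')
START_RE = re.compile(r'^u(?:Start Page|Default_Page_URL)\s*=\s*(\S+)')


def looks_suspicious(text: str) -> bool:
    """Case-insensitive substring match against the indicator list."""
    t = text.lower()
    return any(h in t for h in SUSPECT_HOSTS)


def scan_line(line: str) -> List[Finding]:
    """Return the findings for one log line (usually zero or one)."""
    found: List[Finding] = []
    m = SEARCHSCOPE_RE.search(line)
    if m and looks_suspicious(m.group(2)):
        found.append(Finding("ie_searchscope", f"{m.group(1)} -> {m.group(2)}", line))
    m = CHROME_RE.search(line)
    if m and (looks_suspicious(m.group(1)) or looks_suspicious(m.group(3))):
        ext = EXT_ID_RE.search(m.group(3))
        ext_id = ext.group(1) if ext else "?"
        found.append(Finding("chrome_plugin", f"{m.group(1)} ({m.group(2)}) ext_id={ext_id}", line))
    m = START_RE.search(line)
    if m and looks_suspicious(m.group(1)):
        found.append(Finding("start_page", m.group(1), line))
    m = PROXY_RE.search(line)
    if m:
        # Every configured proxy is reported: hijackers sometimes route browser
        # traffic through a local listener, but legitimate local proxies exist,
        # so this is a "verify" item, not a verdict.
        proxy = m.group(1)
        host = proxy.split("=")[-1].split(":")[0]
        scope = "loopback" if host in ("127.0.0.1", "localhost") else "remote"
        found.append(Finding("proxy", f"{proxy} ({scope})", line))
    return found


def scan_log(text: str) -> List[Finding]:
    """Run scan_line over every non-empty line of a pasted log."""
    out: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            out.extend(scan_line(line))
    return out


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Paste a whole DDS.txt or OTL log into `scan_log`; each finding names the GUID, extension ID or proxy string to remove or verify, which is exactly the information the `:otl` and `:files` sections of a fix script need. A loopback proxy is deliberately reported even when no indicator keyword matches, because a hijacker that proxies traffic will not announce itself by hostname.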

The OTL program keeps not responding after I initiate the scan.


Make sure all of your antivirus is OFF and try just one more time.

Sometimes OTL may show not responding, but ignore that, it will eventually finish up.

Have plenty of patience. I'd allow 15 minutes or so.

IF and only if really, truly (really) OTL does not finish, then move on to the other step(s).


OTL has locked up on me 5 times now. It says it is not responding. So I continued on to the next step and did the scan through IE. After its completion, Chrome still has the Snap.do search tab opened up. Here is the log.txt:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ebf9de406708464c82d84476530e155b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-10-08 09:12:58

# local_time=2012-10-08 02:12:58 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 100 68266 186322340 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=230555

# found=2

# cleaned=2

# scan_time=15965

C:\Users\Collin\Downloads\cnet2_Setup_Dolphin3D_v1_52_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Collin\Downloads\ilividsetupv1.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Let's have you do the following, in order:

Uninstall Google Chrome.

Log off and restart the system fresh.

Download and save, then run, the Chrome setup program.

After that, do a new run of DDS.

When all done, copy & paste the new DDS.txt for review.

Do a simple test with Chrome. Let me know how that goes, and how is the system overall?


Uninstalled, re-installed. Currently it does not show up in the Chrome browser. This is the second time doing this. The first time, after re-installing, I logged into Chrome with my Gmail account that was originally linked to my Chrome browser and it popped back up with the tab. I feel it might be infected in my email username and password. Any ideas?

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Collin at 18:12:10 on 2012-10-13

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1673 [GMT -7:00]

.

AV: Norton Business Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Business Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\dlbccoms.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files\Norton Business Suite\Engine\5.2.2.3\ccSvcHst.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\DllHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:51210

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton business suite\engine\5.2.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton business suite\engine\5.2.2.3\ips\IPSBHO.DLL

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton business suite\engine\5.2.2.3\coIEPlg.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab

DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_WEB_Win32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

TCP: Interfaces\{8135E2CF-7040-4017-A442-4F0357762DA7} : DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20121009.001\IDSvix86.sys [2012-10-10 386720]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-3 135664]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-4 399432]

R2 N360;Norton Business Suite;c:\program files\norton business suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-10 106656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-3 22856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-3 676936]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-5 250808]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-3 135664]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 42752]

S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2010-11-3 23608]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-10-09 19:28:42 6980552 ------w- c:\programdata\microsoft\windows defender\definition updates\{d268d7e3-1434-4ffa-9504-3432c98c24a9}\mpengine.dll

2012-10-09 19:22:56 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-10-09 19:22:56 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-09 19:22:56 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-09 19:22:41 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-09 19:22:34 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-09 19:22:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-09 19:22:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-09 00:28:21 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-10-08 16:40:02 -------- d-----w- c:\program files\ESET

2012-10-05 16:15:47 -------- d-----w- C:\3656c5c6c724db7808abe7a117434b

2012-10-05 15:41:37 -------- d-----w- C:\_OTL

2012-10-05 14:56:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-05 14:56:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-04 14:23:50 -------- d-----w- c:\program files\trend micro

2012-10-03 00:02:30 6980552 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll

2012-10-02 02:34:47 -------- d-----w- C:\N360_BACKUP

2012-10-02 01:39:52 -------- d-----w- C:\$RECYCLE.BIN

2012-10-02 01:35:53 -------- d-----w- c:\users\collin\appdata\local\temp

2012-10-02 01:10:57 98816 ----a-w- c:\windows\sed.exe

2012-10-02 01:10:57 518144 ----a-w- c:\windows\SWREG.exe

2012-10-02 01:10:57 256000 ----a-w- c:\windows\PEV.exe

2012-10-02 01:10:57 208896 ----a-w- c:\windows\MBR.exe

2012-10-02 00:51:30 -------- d-----w- c:\users\collin\appdata\local\Avg2013

2012-09-27 19:57:48 -------- d-----w- c:\program files\common files\Bitdefender

2012-09-27 15:14:45 -------- d-----w- c:\users\collin\appdata\roaming\TuneUp Software

2012-09-27 15:01:35 -------- d--h--w- c:\programdata\Common Files

2012-09-27 15:01:35 -------- d-----w- c:\users\collin\appdata\local\MFAData

2012-09-27 15:01:35 -------- d-----w- c:\programdata\MFAData

2012-09-27 03:23:15 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-27 03:17:13 -------- d-----w- c:\program files\iPod

2012-09-27 03:16:58 -------- d-----w- c:\program files\iTunes

2012-09-26 16:30:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(362)

2012-09-25 17:31:45 -------- d-----w- c:\program files\doubleTwist 2.0

2012-09-25 17:04:08 -------- d-----w- c:\users\collin\appdata\local\AirParrot

2012-09-23 00:38:25 -------- d-----w- c:\program files\MediaMall

2012-09-23 00:36:20 -------- d-----w- c:\programdata\MediaMall

2012-09-19 20:45:20 -------- d-----w- c:\program files\iPod(360)

2012-09-19 20:45:13 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-19 20:45:13 -------- d-----w- c:\program files\iTunes(361)

.

==================== Find3M ====================

.

2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll

.

============= FINISH: 18:13:13.57 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 3/19/2008 9:28:30 AM

System Uptime: 10/13/2012 5:58:01 PM (1 hours ago)

.

Motherboard: Quanta | | 30CF

Processor: AMD Turion 64 X2 Mobile Technology TL-60 | Socket S1 | 800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 137 GiB total, 18.609 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.992 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000001

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000001

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B008\7&A6BEB30&0&40FC8929F9EC_C00000000

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Adobe Shockwave Player

Adobe Shockwave Player 11.6

Amazon MP3 Downloader 1.0.17

AppInventor Setup

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaConverter 2

Atheros Driver Installation Program

Bonjour

Canon MP Navigator EX 2.0

Canon MP240 series MP Drivers

Canon MP240 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Cards_Calendar_OrderGift_DoMorePlugout

CCleaner

Cisco Connect

Citrix Presentation Server Client

Compatibility Pack for the 2007 Office system

Conexant HD Audio

CPC Lite Plugin

DVD Suite

ERUNT 1.1j

ESET Online Scanner v3

Google Chrome

Google Drive

Google Update Helper

Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

HDAUDIO Soft Data Fax Modem with SmartCP

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP Easy Setup - Frontend

HP Games

HP Help and Support

HP Integrated Module with Bluetooth wireless technology 6.0.1.5500

HP Photosmart Essential 2.5

HP Quick Launch Buttons 6.30 E1

HP QuickPlay 3.6

HP QuickTouch 1.00 C4

HP Smart Web Printing

HP Total Care Advisor

HP Update

HP User Guides 0087

HP Wireless Assistant

HPNetworkAssistant

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabel_Tattoo

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotoSmartPhotobookHolidayPack1

HPPhotoSmartPhotobookModernPack1

HPPhotoSmartPhotobookPlayfulPack1

HPPhotoSmartPhotobookScrapbookPack1

HPPhotoSmartPhotobookWebPack1

Inkjet Printer/Scanner Extended Survey Program

iTunes

K-Lite Codec Pack 8.4.0 (Basic)

LabelPrint

LightScribe System Software 1.10.13.1

LiveUpdate (Symantec Corporation)

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MotoHelper 2.0.40 Driver 4.8.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.4.0

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Manager

muvee autoProducer 6.1

Netflix Movie Viewer

NetWaiting

Norton Business Suite

NVIDIA Drivers

NVIDIA PhysX v8.10.29

OGA Notifier 2.0.0048.0

Power2Go

PowerDirector

PSSWCORE

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

RSDLite

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Skifta

swMSM

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB957244)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB957246)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Publisher 2007 Help (KB957249)

VC80CRTRedist - 8.0.50727.6195

VideoToolkit01

WeatherBug Gadget

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

10/8/2012 9:30:42 AM, Error: EventLog [6008] - The previous system shutdown at 9:29:01 AM on 10/8/2012 was unexpected.

10/8/2012 9:28:31 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

10/8/2012 9:28:31 AM, Error: Service Control Manager [7031] - The Norton Business Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

10/8/2012 8:56:42 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}. The error: "2" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe -Embedding

10/8/2012 5:23:33 PM, Error: EventLog [6008] - The previous system shutdown at 5:06:17 PM on 10/8/2012 was unexpected.

10/8/2012 3:01:03 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/8/2012 3:00:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv Wanarpv6

10/8/2012 3:00:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/8/2012 2:59:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/8/2012 2:59:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

10/8/2012 2:59:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/8/2012 2:59:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/7/2012 8:40:24 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document 1299.pdf, owned by Collin, failed to print on printer Canon MP240 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 146260. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\COLIN. Win32 error code returned by the print processor: 1. Incorrect function.

10/7/2012 8:37:56 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Olson Confirmation _1_.doc, owned by Collin, failed to print on printer Canon MP240 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 66104. Number of bytes printed: 26152. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\COLIN. Win32 error code returned by the print processor: 1. Incorrect function.

10/7/2012 7:32:09 AM, Error: EventLog [6008] - The previous system shutdown at 3:42:27 PM on 10/6/2012 was unexpected.

10/7/2012 6:01:50 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:33 PM on 10/7/2012 was unexpected.

10/6/2012 1:07:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.137.1152.0).

10/13/2012 5:59:41 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

10/13/2012 5:57:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.137.1642.0).

10/10/2012 3:10:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/10/2012 3:10:22 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/10/2012 3:03:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

.

==== End Of File ===========================

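The "Event Viewer Messages From Past Week" block in the DDS log above uses one fixed line shape. As an added example (not part of this thread and not DDS's own code), a small Python triage helper that parses lines of that shape and pulls out what a helper reads first: the unexpected shutdowns (EventLog 6008) and the boot-start drivers that failed to load (Service Control Manager 7026). The sample lines are constructed to mirror the quoted output.

```python
import re
from collections import Counter

# One DDS "Event Viewer Messages From Past Week" line has the shape:
#   <date> <time>, <Level>: <Source> [<EventID>] - <message>
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Constructed sample modelled on the quoted DDS output; not the real log.
SAMPLE = """\
10/8/2012 9:30:42 AM, Error: EventLog [6008] - The previous system shutdown at 9:29:01 AM on 10/8/2012 was unexpected.
10/8/2012 3:00:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl IDSVix86 spldr
10/8/2012 2:59:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/7/2012 6:01:50 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:33 PM on 10/7/2012 was unexpected.
not an event line
"""

def parse_events(text):
    """Return one dict per line that matches the DDS event format; skip the rest."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events

def triage(events):
    """Count (source, id) pairs and pull out the two findings a helper reads first."""
    counts = Counter((e["source"], e["event_id"]) for e in events)
    findings = {"unexpected_shutdowns": [], "failed_boot_drivers": []}
    for e in events:
        if e["source"] == "EventLog" and e["event_id"] == 6008:
            findings["unexpected_shutdowns"].append(f'{e["date"]} {e["time"]}')
        elif e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            # Driver names follow the colon; security-product drivers that fail
            # to load are worth cross-checking against the installed-programs list.
            _, _, names = e["message"].partition("failed to load:")
            findings["failed_boot_drivers"].extend(names.split())
    return counts, findings

if __name__ == "__main__":
    counts, findings = triage(parse_events(SAMPLE))
    for (source, eid), n in counts.most_common():
        print(f"{n:3d}  {source} [{eid}]")
    print(findings)
```

Repeated 6008 entries across several days, as in the log above, usually point at crashes or hard power-offs rather than at the browser hijack itself, which is why they are listed separately from the per-source counts.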

Hello Collin,

You said

I feel it might be infected in my email username and password. Any ideas?

I would doubt that gmail service itself is the originator of the issue with the rogue browser window.

More likely, it was something like a utility or app you may have downloaded & installed, OR

a silent drive-by download from visiting an infected website page.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    C:\Users\Collin\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

If the Combofix uninstall has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to back up the Windows registry.

Delete the following if still present:

RogueKiller.exe

adwCleaner.exe

SecurityCheck.exe

FSS.exe

You may use Control Panel >> Add or Remove Programs and uninstall ESET Online Scanner.

Safer practices & malware prevention

We are finished here. Best regards.


Everything has worked so far. Thank you so much for the help. Huge stress relief has been lifted.


You are very welcome. Cheers.

This topic is now closed to further replies.