malware on my computer did I remove everything?

Post by diosaur » February 15th, 2011, 11:07 pm

My operating system is Windows Vista.
I have an HP Pavilion dv6000 laptop.

My problem is that after I removed Antimalware Doctor from my computer, a few days later my computer started to lag and Firefox started to glitch. It would glitch when I played videos, it would randomly crash, its appearance would change, and Windows Explorer would occasionally crash. I renamed firefox.exe to something else; that worked for a day, then my computer started lagging again.

I just want to make sure that I removed all malware, viruses, trojans, etc. from my laptop.

I ran HijackThis.
Here is the log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:39 PM, on 2/15/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\user\Desktop\Mozilla Firefox\my_firefox.exe
C:\Users\user\Desktop\Mozilla Firefox\my_firefox.exe
C:\Users\user\Desktop\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Desktop\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Antimalware Doctor.lnk = C:\Users\user\AppData\Roaming\9BAEA5D7222F75B88A2034EC76B3ADA7\ut70mbd0pps.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Users\user\Desktop\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Re: malware on my computer did I remove everything?

Post by askey127 » February 19th, 2011, 2:24 pm

Hi diosaur,
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HiJackThis window to close it.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

McAfee Security Scan
WhiteSmoke Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  3. Click on the Run Scan button at the top left hand corner.
  4. OTL will start running. When done, 2 Notepad files will open: OTL.txt and Extras.txt.
    They will be saved on your desktop.
    Please post the contents of these files.
    You may use separate replies if you wish.

Re: malware on my computer did I remove everything?

Post by diosaur » February 20th, 2011, 10:07 pm

OTL logfile created on: 2/20/2011 8:46:29 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.15 Gb Total Space | 49.01 Gb Free Space | 34.48% Space Free | Partition Type: NTFS
Drive D: | 6.90 Gb Total Space | 0.72 Gb Free Space | 10.49% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/20 20:44:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/02/03 22:49:40 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
PRC - [2011/02/03 22:49:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/03/29 23:49:08 | 006,974,464 | ---- | M] (The Audacity Team) -- C:\Program Files\Audacity 1.3.12 Beta (Unicode)\audacity.exe
PRC - [2009/03/07 03:22:29 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/27 02:33:16 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/28 19:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/02/20 20:44:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2011/02/20 11:01:27 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2011/02/20 11:01:27 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/12/04 01:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/10/27 02:27:05 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/28 19:45:38 | 000,118,877 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 19:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/01/09 16:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/02/12 15:04:37 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110220.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/02/12 15:04:37 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/02/12 15:04:37 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/02/12 15:04:37 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110220.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/12 14:11:20 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/01 00:23:59 | 000,330,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/22 23:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 23:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/22 21:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/17 21:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 20:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/08 19:50:30 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110218.003\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/20 21:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2007/02/27 06:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 11:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/07 16:15:14 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/01/12 22:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/12/07 10:05:58 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/07 10:04:36 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/07 10:04:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 11:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/16 04:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 23:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 21:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/18 21:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.newnormalmusic.com/"
FF - prefs.js..extensions.enabledItems: {1f2aa29a-fc45-40d3-b090-efdb2588df0d}:1.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-6665170634FE}:1.06
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: yespopupsV1@patheticcockroach.com:0.9.8b
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/02/14 07:49:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/02/12 15:54:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components [2011/02/16 16:21:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins

[2008/10/26 17:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011/02/16 17:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions
[2009/06/26 12:11:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008/10/26 22:17:08 | 000,000,000 | ---D | M] (Just Black (A Cylence theme for Firefox 3)) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{1a45a8a0-3278-11dd-bd11-0800200c9a66}
[2009/01/10 11:54:01 | 000,000,000 | ---D | M] (johnnycache) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{1f2aa29a-fc45-40d3-b090-efdb2588df0d}
[2008/10/27 13:11:37 | 000,000,000 | ---D | M] (BlackX 2) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2009/06/26 12:11:32 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2008/11/06 12:15:12 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2008/10/27 13:12:13 | 000,000,000 | ---D | M] (Abstract Zune) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2009/03/09 20:46:04 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2009/04/16 07:25:36 | 000,000,000 | ---D | M] ("Public Fox") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}
[2010/09/30 19:53:52 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/01/10 11:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}
[2009/03/13 03:53:56 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25c}
[2009/07/18 10:54:41 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2008/12/06 15:04:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/07/18 10:54:46 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/06/26 12:11:34 | 000,000,000 | ---D | M] ("ErrorZilla Mod") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\ErrorZillaMod@jaybaldwin
[2009/03/19 17:49:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\moveplayer@movenetworks.com
[2009/01/18 16:05:57 | 000,000,000 | ---D | M] (TrackMeNot) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\trackmenot@mrl.nyu.edu
[2009/01/10 11:54:00 | 000,000,000 | ---D | M] (Yes popups) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\07vsn77h.default\extensions\yespopupsV1@patheticcockroach.com
[2008/11/17 19:56:53 | 000,001,982 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\07vsn77h.default\searchplugins\imeem.xml
File not found (No name found) --
[2011/02/14 07:49:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\07VSN77H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\07VSN77H.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2011/02/16 15:19:40 | 000,000,734 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ALUAlert] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.79.4.16 10.80.4.97
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/20 18:21:46 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/20 20:43:42 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/02/20 15:12:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/20 11:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/02/20 11:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/02/17 08:55:50 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\long awaited hybid_data
[2011/02/16 16:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 11
[2011/02/16 16:20:44 | 011,864,840 | ---- | C] (Mozilla) -- C:\Users\user\Desktop\Firefox Setup 4.0 Beta 11.exe
[2011/02/15 21:38:40 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New Folder
[2011/02/14 11:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/14 11:56:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/13 15:49:14 | 000,000,000 | ---D | C] -- C:\Users\user\New Folder
[2011/02/12 17:11:18 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symefa.sys
[2011/02/12 17:11:18 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symds.sys
[2011/02/12 17:11:18 | 000,330,360 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symtdiv.sys
[2011/02/12 17:11:18 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symnets.sys
[2011/02/12 17:11:18 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011/02/12 17:11:17 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011/02/12 17:11:17 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\ironx86.sys
[2011/02/12 15:54:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1205000.07D
[2011/02/12 14:11:20 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/02/12 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/02/12 14:10:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/02/12 14:10:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/02/12 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/02/12 14:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/02/10 12:52:29 | 103,702,560 | ---- | C] (Symantec Corporation) -- C:\Users\user\Desktop\NAV_18.1.0.37_SYMTB_CNET_LOEM_MRFTT_175_5411.exe
[2011/02/09 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Tific
[2011/02/09 22:42:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Symantec
[2011/02/09 17:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/02/06 15:56:37 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\dumbb_data
[2011/01/26 23:19:43 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\fruity loop track samples
[2011/01/25 18:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZeallSoft
[2011/01/25 18:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zeallsoft
[2011/01/25 18:29:57 | 003,409,741 | ---- | C] (ZeallSoft, Inc. ) -- C:\Users\user\Desktop\mmsetup.exe
[2011/01/25 17:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\debugmode
[2011/01/25 17:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Debugmode
[3 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/20 20:44:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/02/20 20:35:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/20 20:25:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/20 20:25:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/20 19:23:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/20 19:02:29 | 007,999,806 | ---- | M] () -- C:\Users\user\Desktop\another beat.mp3
[2011/02/20 16:35:18 | 007,295,576 | ---- | M] () -- C:\Users\user\Desktop\bass .wav
[2011/02/20 15:27:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/20 15:26:29 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/02/20 15:24:53 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 14:38:38 | 000,002,280 | ---- | M] () -- C:\{3540B78A-A7B2-49A5-A36D-6F2C52FC225D}
[2011/02/20 14:32:49 | 000,002,368 | ---- | M] () -- C:\{8DDB1602-5629-47A7-B1AA-DC910D16C714}
[2011/02/20 11:01:55 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/20 10:49:25 | 002,430,465 | ---- | M] () -- C:\Users\user\Desktop\you suck.mp3
[2011/02/19 21:26:02 | 003,581,107 | ---- | M] () -- C:\Users\user\Desktop\dance track.mp3
[2011/02/19 21:17:03 | 003,738,260 | ---- | M] () -- C:\Users\user\Desktop\jazzy tune.mp3
[2011/02/19 21:11:10 | 002,842,657 | ---- | M] () -- C:\Users\user\Desktop\jazzy tune.wma
[2011/02/19 19:42:11 | 001,006,247 | ---- | M] () -- C:\Users\user\Desktop\noise voice.wma
[2011/02/19 19:22:04 | 001,325,037 | ---- | M] () -- C:\Users\user\Desktop\glitchy bass.wma
[2011/02/19 19:12:08 | 000,489,897 | ---- | M] () -- C:\Users\user\Desktop\glitched.wma
[2011/02/19 18:35:46 | 000,591,870 | ---- | M] () -- C:\Users\user\Desktop\bassline mastered.mp3
[2011/02/19 18:24:54 | 013,026,640 | ---- | M] () -- C:\Users\user\Desktop\untitled.wav
[2011/02/19 15:53:08 | 000,002,481 | ---- | M] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2011/02/19 10:22:36 | 005,547,432 | ---- | M] () -- C:\Users\user\Desktop\dance shit.mp3
[2011/02/18 00:14:53 | 000,013,183 | ---- | M] () -- C:\Users\user\Documents\Richard Salam10.docx
[2011/02/17 14:09:49 | 003,534,757 | ---- | M] () -- C:\Users\user\Desktop\useless meditations.mp3
[2011/02/17 12:51:19 | 000,020,835 | ---- | M] () -- C:\Users\user\Desktop\long awaited hybid.aup
[2011/02/16 16:22:01 | 000,001,925 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/16 16:21:59 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/16 16:20:45 | 011,864,840 | ---- | M] (Mozilla) -- C:\Users\user\Desktop\Firefox Setup 4.0 Beta 11.exe
[2011/02/16 15:19:40 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/16 11:44:59 | 000,001,941 | ---- | M] () -- C:\Users\user\Untitled (8).zgr
[2011/02/14 14:22:08 | 010,955,310 | ---- | M] () -- C:\Users\user\Desktop\Fissunix_heart_shaped_tron.mp3
[2011/02/14 11:55:05 | 001,402,880 | ---- | M] () -- C:\Users\user\Desktop\HiJackThis.msi
[2011/02/14 07:47:57 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/02/14 07:47:09 | 001,007,748 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/02/13 15:02:36 | 000,014,981 | ---- | M] () -- C:\Users\user\Desktop\Netflix is in competition with online companies like Google.docx
[2011/02/13 09:05:03 | 000,062,713 | ---- | M] () -- C:\Users\user\Desktop\Competition.pptx
[2011/02/12 14:11:20 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/02/12 14:11:20 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/02/12 14:11:20 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/02/11 16:56:10 | 000,016,384 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 13:02:41 | 103,702,560 | ---- | M] (Symantec Corporation) -- C:\Users\user\Desktop\NAV_18.1.0.37_SYMTB_CNET_LOEM_MRFTT_175_5411.exe
[2011/02/09 22:26:37 | 000,721,199 | ---- | M] () -- C:\Users\user\Desktop\rkill.exe
[2011/02/09 21:35:18 | 303,880,345 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/09 17:36:42 | 000,001,061 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2011/02/07 18:47:24 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/07 18:47:24 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/06 23:14:14 | 000,053,070 | ---- | M] () -- C:\Users\user\Desktop\dumbb.aup
[2011/02/06 09:19:35 | 000,000,680 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2011/02/04 11:55:46 | 000,011,982 | ---- | M] () -- C:\Users\user\Documents\case study 1.docx
[2011/01/28 17:26:25 | 001,235,237 | ---- | M] () -- C:\Users\user\Documents\piano test 546.wma
[2011/01/25 19:08:00 | 000,000,941 | ---- | M] () -- C:\Users\user\Desktop\MagicMirror - Shortcut.lnk
[2011/01/25 18:34:18 | 000,001,017 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Magic Mirror.lnk
[2011/01/25 18:34:18 | 000,000,993 | ---- | M] () -- C:\Users\user\Desktop\Magic Mirror.lnk
[2011/01/25 18:30:00 | 003,409,741 | ---- | M] (ZeallSoft, Inc. ) -- C:\Users\user\Desktop\mmsetup.exe
[2011/01/25 17:52:33 | 000,000,826 | ---- | M] () -- C:\Users\user\Desktop\WinMorph 3.01.lnk
[2011/01/25 17:34:11 | 1026,419,072 | -H-- | M] () -- C:\Users\user\Photoshop_12_LS1.7z.part
[2011/01/25 17:29:44 | 000,000,044 | ---- | M] () -- C:\Users\user\Photoshop_12_LS1.exe
[2011/01/25 16:58:55 | 000,016,539 | ---- | M] () -- C:\Users\user\Desktop\22568_600897454659_13809887_35336319_7708755_n.jpg
[2011/01/22 01:33:32 | 000,160,876 | ---- | M] () -- C:\Users\user\Documents\irrational 2.docx
[3 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/20 19:00:15 | 007,999,806 | ---- | C] () -- C:\Users\user\Desktop\another beat.mp3
[2011/02/20 16:34:36 | 007,295,576 | ---- | C] () -- C:\Users\user\Desktop\bass .wav
[2011/02/20 14:38:38 | 000,002,280 | ---- | C] () -- C:\{3540B78A-A7B2-49A5-A36D-6F2C52FC225D}
[2011/02/20 14:32:49 | 000,002,368 | ---- | C] () -- C:\{8DDB1602-5629-47A7-B1AA-DC910D16C714}
[2011/02/20 10:48:38 | 002,430,465 | ---- | C] () -- C:\Users\user\Desktop\you suck.mp3
[2011/02/19 21:25:05 | 003,581,107 | ---- | C] () -- C:\Users\user\Desktop\dance track.mp3
[2011/02/19 21:16:00 | 003,738,260 | ---- | C] () -- C:\Users\user\Desktop\jazzy tune.mp3
[2011/02/19 21:11:09 | 002,842,657 | ---- | C] () -- C:\Users\user\Desktop\jazzy tune.wma
[2011/02/19 19:42:09 | 001,006,247 | ---- | C] () -- C:\Users\user\Desktop\noise voice.wma
[2011/02/19 19:21:59 | 001,325,037 | ---- | C] () -- C:\Users\user\Desktop\glitchy bass.wma
[2011/02/19 19:12:05 | 000,489,897 | ---- | C] () -- C:\Users\user\Desktop\glitched.wma
[2011/02/19 18:35:15 | 000,591,870 | ---- | C] () -- C:\Users\user\Desktop\bassline mastered.mp3
[2011/02/19 18:09:29 | 013,026,640 | ---- | C] () -- C:\Users\user\Desktop\untitled.wav
[2011/02/19 10:20:50 | 005,547,432 | ---- | C] () -- C:\Users\user\Desktop\dance shit.mp3
[2011/02/18 00:09:01 | 000,013,183 | ---- | C] () -- C:\Users\user\Documents\Richard Salam10.docx
[2011/02/17 14:08:56 | 003,534,757 | ---- | C] () -- C:\Users\user\Desktop\useless meditations.mp3
[2011/02/17 08:55:55 | 000,020,835 | ---- | C] () -- C:\Users\user\Desktop\long awaited hybid.aup
[2011/02/16 16:21:57 | 000,001,925 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/16 16:21:55 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/16 16:21:52 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/16 11:44:56 | 000,012,256 | ---- | C] () -- C:\Users\user\Untitled (8) 34.wav
[2011/02/14 14:21:04 | 010,955,310 | ---- | C] () -- C:\Users\user\Desktop\Fissunix_heart_shaped_tron.mp3
[2011/02/14 11:56:20 | 000,002,481 | ---- | C] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2011/02/14 11:55:04 | 001,402,880 | ---- | C] () -- C:\Users\user\Desktop\HiJackThis.msi
[2011/02/14 07:46:53 | 001,007,748 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/02/13 15:02:33 | 000,014,981 | ---- | C] () -- C:\Users\user\Desktop\Netflix is in competition with online companies like Google.docx
[2011/02/13 09:05:00 | 000,062,713 | ---- | C] () -- C:\Users\user\Desktop\Competition.pptx
[2011/02/12 17:11:18 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symnetv.cat
[2011/02/12 17:11:18 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symnet.cat
[2011/02/12 17:11:18 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symefa.cat
[2011/02/12 17:11:18 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011/02/12 17:11:18 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symds.cat
[2011/02/12 17:11:18 | 000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symefa.inf
[2011/02/12 17:11:18 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symds.inf
[2011/02/12 17:11:18 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symnetv.inf
[2011/02/12 17:11:18 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symnet.inf
[2011/02/12 17:11:18 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011/02/12 17:11:17 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\iron.cat
[2011/02/12 17:11:17 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011/02/12 17:11:17 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011/02/12 17:11:17 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\iron.inf
[2011/02/12 15:54:41 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\isolate.ini
[2011/02/12 14:11:20 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/02/12 14:11:20 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/02/12 14:11:06 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/02/09 22:26:36 | 000,721,199 | ---- | C] () -- C:\Users\user\Desktop\rkill.exe
[2011/02/09 17:36:41 | 000,001,061 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2011/02/04 11:55:44 | 000,011,982 | ---- | C] () -- C:\Users\user\Documents\case study 1.docx
[2011/01/28 17:26:24 | 001,235,237 | ---- | C] () -- C:\Users\user\Documents\piano test 546.wma
[2011/01/25 19:08:00 | 000,000,941 | ---- | C] () -- C:\Users\user\Desktop\MagicMirror - Shortcut.lnk
[2011/01/25 18:34:18 | 000,000,993 | ---- | C] () -- C:\Users\user\Desktop\Magic Mirror.lnk
[2011/01/25 18:34:17 | 000,001,017 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Magic Mirror.lnk
[2011/01/25 17:52:33 | 000,000,826 | ---- | C] () -- C:\Users\user\Desktop\WinMorph 3.01.lnk
[2011/01/25 17:29:45 | 1026,419,072 | -H-- | C] () -- C:\Users\user\Photoshop_12_LS1.7z.part
[2011/01/25 17:29:44 | 000,000,044 | ---- | C] () -- C:\Users\user\Photoshop_12_LS1.exe
[2011/01/25 16:58:52 | 000,016,539 | ---- | C] () -- C:\Users\user\Desktop\22568_600897454659_13809887_35336319_7708755_n.jpg
[2011/01/22 01:33:30 | 000,160,876 | ---- | C] () -- C:\Users\user\Documents\irrational 2.docx
[2011/01/18 21:29:01 | 000,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010/10/14 23:13:53 | 000,001,940 | ---- | C] () -- C:\Users\user\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/29 17:38:43 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2009/01/31 21:05:32 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2008/11/14 13:40:49 | 000,016,384 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/02 18:12:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2008/10/25 18:54:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\QSwitch.txt
[2008/10/25 18:54:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\DSwitch.txt
[2008/10/25 18:54:00 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\AtStart.txt
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/10/20 18:10:23 | 000,001,695 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 23:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 2/20/2011 8:46:29 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.15 Gb Total Space | 49.01 Gb Free Space | 34.48% Space Free | Partition Type: NTFS
Drive D: | 6.90 Gb Total Space | 0.72 Gb Free Space | 10.49% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\user\Desktop\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\user\Desktop\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BC4419-F1DB-48AA-B902-8B210895F55C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{08096FE1-9711-490E-BAC2-7EE00BBDECA1}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{1F5293B0-6E92-409F-9C91-DED32D161E5D}" = lport=54748 | protocol=6 | dir=in | name=akamai netsession interface |
"{2968F9FD-4E91-42A6-B8EC-16340A1DD441}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{734DB359-D627-48F3-A730-F8A12FCE9847}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E837E3D-56E3-4AB0-BB45-3E1ADB091744}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CD44F46F-A7C6-4AC5-BE79-0779B5A66361}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{E2947602-A491-4F75-BF45-EA0657730946}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C4AF9D-A977-498D-B128-DC90CD57B556}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1264F4C7-D896-4123-9F63-81952ECCCE8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{12DBC1F5-A463-44C3-9208-9E7771B9D337}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20116D9E-F3F1-485D-9A46-B4A5BDCCFFEC}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{29D99AEB-ADCC-45EE-B1CD-9590A582C13E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{485E1FA4-2408-43B2-87AD-CFBD37A22145}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{818B6C4E-92F3-4FA4-9CDB-761B53DE2428}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93B1DA9D-8B9C-4A85-A376-7FFD0991F88A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{93C54817-BF0B-44CC-A0E0-6CE684EEB6E6}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{B37974A6-F1BA-42E9-8D0F-EA1E05FE832C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E12990A9-826A-466B-8DD8-93BC06A62262}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 18
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{39523EA4-F914-4447-A551-2513766095F5}" = ESU for Microsoft Vista
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FCCC555E-166C-426A-A98C-39C80AE7C081}" = HP User Guides 0082
"7-Zip" = 7-Zip 4.65
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"CDisplay_is1" = CDisplay 1.8
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FL Studio 9" = FL Studio 9
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Hardcore" = Hardcore
"HighC_is1" = HighC 2.81
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"IL Download Manager" = IL Download Manager
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Magic Mirror_is1" = Magic Mirror 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0b11 (x86 en-US)" = Mozilla Firefox 4.0b11 (x86 en-US)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"PoiZone" = PoiZone
"RealPlayer 6.0" = RealPlayer
"Sawer" = Sawer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.0.3
"VST Bridge_is1" = VST Bridge 1.1
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinMorph_is1" = WinMorph™ 3.01

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2011 4:11:57 PM | Computer Name = user-PC | Source = System Restore | ID = 8193
Description =

Error - 2/20/2011 4:12:09 PM | Computer Name = user-PC | Source = System Restore | ID = 8193
Description =

Error - 2/20/2011 4:12:30 PM | Computer Name = user-PC | Source = System Restore | ID = 8193
Description =

Error - 2/20/2011 4:13:24 PM | Computer Name = user-PC | Source = System Restore | ID = 8193
Description =

Error - 2/20/2011 4:15:10 PM | Computer Name = user-PC | Source = System Restore | ID = 8193
Description =

Error - 2/20/2011 4:15:18 PM | Computer Name = user-PC | Source = System Restore | ID = 8193
Description =

Error - 2/20/2011 4:16:53 PM | Computer Name = user-PC | Source = VSS | ID = 8194
Description =

Error - 2/20/2011 4:16:55 PM | Computer Name = user-PC | Source = System Restore | ID = 8193
Description =

Error - 2/20/2011 4:20:35 PM | Computer Name = user-PC | Source = System Restore | ID = 8193
Description =

Error - 2/20/2011 4:20:45 PM | Computer Name = user-PC | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 10/16/2010 1:35:47 AM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 3768
seconds with 1080 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/12/2011 3:48:10 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/20/2011 4:01:19 PM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:57:07 PM on 2/20/2011 was unexpected.

Error - 2/20/2011 4:02:44 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/20/2011 4:02:44 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2/20/2011 4:02:46 PM | Computer Name = user-PC | Source = bowser | ID = 8003
Description =

Error - 2/20/2011 4:03:43 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/20/2011 4:03:43 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/20/2011 4:26:23 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/20/2011 4:27:13 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/20/2011 4:27:13 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >
diosaur
Active Member
 
Posts: 3
Joined: February 15th, 2011, 10:45 pm

Re: malware on my computer did I remove everything?

Unread postby askey127 » February 21st, 2011, 8:22 am

diosaur
You have over thirty extensions installed in a beta version of Firefox. It's a wonder it works at all.
You may find bugs in that Firefox. That's why they call it a beta.

What's with installing Avast?
If you don't want Norton, and would like a free AV, please tell me, but don't install or remove things while we are working.
askey127
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: malware on my computer did I remove everything?

Unread postby diosaur » February 21st, 2011, 10:30 am

my bad
I quickly uninstalled it

Re: malware on my computer did I remove everything?

Unread postby askey127 » February 22nd, 2011, 7:18 am

diosaur,
This scan takes some time but is very thorough. We need to be sure no trojans were left from the Spyware installation.
---------------------------------------------------------
Please visit Run Panda ActiveScan here: http://www.pandasecurity.com/activescan/index/, using Internet Explorer.
  • Check the Full Scan button, and click Scan Now.
  • Follow the prompts and install an Active X control Add-On if necessary.
  • Also allow it to download an Update, if it asks.
  • For either the Active-X Add-on or the Update Download, you may be required to click the popup yellow bar at the top of the window and give permission.
  • If it reports a download error, have it retry and give permission on the yellow bar again until it succeeds.
  • When the downloads are finished, the scan will begin. It will take a while. Let it run unhindered.
  • When the scan is finished, a report will be generated.
  • Don't take any action on the Report. Just click the Export to button and save the file to your Desktop.
If you don't change it, the filename appearing on your desktop will be ActiveScan.txt.
Please double click that file, and copy/paste the contents in your reply here.

askey127

Re: malware on my computer did I remove everything?

Unread postby askey127 » February 25th, 2011, 8:56 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.