Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need Help With HiJackThis Log: Not computer literate! PLEASE

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 25th, 2011, 9:19 pm

I did the OTL fix you told me to do. A log came up telling me about the files and stuff that were successfully killed. I did the Eset scan and it finished saying 'no threats found', but there was no log.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm
Advertisement
Register to Remove

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 26th, 2011, 3:12 am

Can you pot me the log that OTL created please.

You'll find it at C:\_OTL\MovedFiles it will be named MMDDYYYY_HHMMSS.log (where mdyhms are replaced by numbers representing the date and time the fix was run).

How is your computer behaving now ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 26th, 2011, 4:58 pm

All processes killed
========== OTL ==========
C:\Windows\SysNative\SET8E7.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
ADS C:\Users\User\AppData\Local\yhAweDThbpKz:qhzUZWuFvOFEFa88EdP061 deleted successfully.
ADS C:\Users\User\AppData\Local\PEUnWLkqALBa:uxz8HxI23c5VO5LjDCdzSmb deleted successfully.
ADS C:\ProgramData\Microsoft:ivYMonH7YB2k2tOsR7CZyjM756EQ deleted successfully.
ADS C:\ProgramData\Microsoft:RGmIqnJMFOr5MBsGhnukzj9n deleted successfully.
ADS C:\Users\User\AppData\Local\osGGpTgiCR0KF:OonU4428XiqetQjqcjq6H deleted successfully.
========== FILES ==========
C:\Users\User\AppData\Local\yhAweDThbpKz folder moved successfully.
C:\Users\User\AppData\Local\PEUnWLkqALBa folder moved successfully.
C:\Users\User\AppData\Local\osGGpTgiCR0KF folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Parent

User: Public

User: User
->Temp folder emptied: 430197 bytes
->Temporary Internet Files folder emptied: 78011108 bytes
->Java cache emptied: 104686 bytes
->Google Chrome cache emptied: 6538304 bytes
->Flash cache emptied: 57873 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74810 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12252011_175259

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XAR9MMPH\AdServer[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XAR9MMPH\ai[2].htm moved successfully.
File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XAR9MMPH\map2_iframe[1].htm not found!
File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UKQ17LBS\10151051333675284[1].htm not found!
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UKQ17LBS\ai[2].htm moved successfully.
File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWQKAAYU\CNM[1].htm not found!
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWQKAAYU\pling[1].mp3 moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K2A9WWAU\plusone_gadget[1].htm moved successfully.
File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A2PSAA97\profile[1].htm not found!
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6LWED4E2\12[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6LWED4E2\ai[4].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6LWED4E2\ai[5].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6LWED4E2\ai[6].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\24T8PQ2I\ai[3].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\24T8PQ2I\ai[4].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\24T8PQ2I\ai[5].htm moved successfully.
File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\24T8PQ2I\MailCounts[1].htm not found!
File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\24T8PQ2I\messaging_upload[1].htm not found!
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 26th, 2011, 7:22 pm

How is your computer behaving now ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 27th, 2011, 10:08 pm

I have a whole new problem now. I think I got a virus, so I did a system restore. The system restore partially (I think) restored Emsisoft, which I uninstalled a few days ago. Emsisoft ran on start up, for some reason turning off Norton 360 each time i started my computer. I turned it off from start up but I can't delete it! I tried uninstalling it but it says unin000.exe is missing or something. I tried uninstalling it with Revo but it says the same thing. Revo comes up with a list of a bunch of file remnants I can delete but I don't know what is safe to delete and what isn't.
I don't know if this is the emsisoft I uninstalled being partially restored on my computer after a system restore, or a virus posing as emsisoft, but PLEASE help me get it off of my computer. Pleaaasseeee.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 28th, 2011, 3:30 am

  • Click Start and type Notepad into the Search programs and files box, then hit Enter.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
Code: Select all
@echo off
echo Collecting support information about all installed Emsisoft services ...

echo ********************** a2util: > "%TEMP%\service_status.log"
sc query a2util >> "%TEMP%\service_status.log"
sc qc a2util >> "%TEMP%\service_status.log"
echo. >> "%TEMP%\service_status.log"

echo ********************** a2dda: >> "%TEMP%\service_status.log"
sc query a2dda >> "%TEMP%\service_status.log"
sc qc a2dda >> "%TEMP%\service_status.log"
echo. >> "%TEMP%\service_status.log"

echo ********************** a2injectiondriver: >> "%TEMP%\service_status.log"
sc query a2injectiondriver >> "%TEMP%\service_status.log"
sc qc a2injectiondriver >> "%TEMP%\service_status.log"
echo. >> "%TEMP%\service_status.log"

echo ********************** a2antimalware: >> "%TEMP%\service_status.log"
sc query a2antimalware >> "%TEMP%\service_status.log"
sc qc a2antimalware >> "%TEMP%\service_status.log"
echo. >> "%TEMP%\service_status.log"

echo ********************** a2acc: >> "%TEMP%\service_status.log"
sc query a2acc >> "%TEMP%\service_status.log"
sc qc a2acc >> "%TEMP%\service_status.log"
echo. >> "%TEMP%\service_status.log"

echo ********************** mamutu: >> "%TEMP%\service_status.log"
sc query mamutu >> "%TEMP%\service_status.log"
sc qc mamutu >> "%TEMP%\service_status.log"
echo. >> "%TEMP%\service_status.log"

echo All necessary information have been collected. Press any key to continue ...

PAUSE > NUL
notepad "%TEMP%\service_status.log"

  • Click Format and ensure Wordwrap is unchecked.
  • Save as RegExp.bat to your Desktop.
  • Save as file type All Files or it won't work.
  • Now right click on RegExp.bat and select Run as an Administrator to run it.
  • A file will open on your Desktop, please post the contents in your next reply.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 28th, 2011, 5:21 pm

A few people from Emsisoft linked me to Emsiclean, and now it is no longer on my computer. Last question, Gary. I started using WinPatrol recently and I will get things that say "run once" and it will say "win" in the title, but I don't see Microsoft as the company name? Is there a way to make sure I get all of the official windows updates? Because I don't know if my computer is being attacked or something.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 28th, 2011, 7:12 pm

You're going to have to explain things a bit clearer about Win Patrol, because I haven't got a clue what you're trying to ask me here. There's no signs in any of the logs you've supplied that your computer has an active infection, we've just removed a few orphans and one of the 2 AV programs, which was the cause of your computer running slowly.

As far as Windows updates are concerned, provided you have Windows set to update automatically then the updates you get will be from Microsoft.

If you're worried that your updates may not be fully up to date, visit and run ..... Secunia Online Software Inspector .... the scan will notify you of any missing updates.

If your computer is now running as you'd expect it to .....

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller,
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 28th, 2011, 7:19 pm

OTL.exe is gone, i think it was deleted when I did the restore. My computer has went been acting differently even since the original TDSS and OTL logs. Would it be too much to ask if I can rescan and post the newer results here?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 28th, 2011, 7:30 pm

Yes, run a new OTL scan and post the logs please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 28th, 2011, 8:22 pm

OTL logfile created on: 12/28/2011 6:47:32 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 70.95% Memory free
11.50 Gb Paging File | 9.51 Gb Available in Paging File | 82.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.15 Gb Total Space | 780.61 Gb Free Space | 85.02% Space Free | Partition Type: NTFS
Drive D: | 13.26 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 18:34:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/16 04:55:20 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/09 00:56:34 | 000,081,920 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe
PRC - [2011/07/09 01:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/10/08 12:51:46 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/03/09 23:00:40 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/05 21:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/06/07 08:33:02 | 000,167,424 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8ServiceD.exe -- (MacDrive8ServiceD)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/12 17:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2011/08/09 00:56:34 | 000,081,920 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/08/09 00:42:44 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2011/07/09 01:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/08 12:51:46 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe -- (MboxMiniAudioDevMon)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/28 16:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/05/09 22:26:45 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/06 13:22:01 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/18 09:18:47 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/23 00:24:02 | 000,021,520 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2010/10/08 12:51:42 | 000,419,856 | ---- | M] (Avid) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AvidMboxMini.sys -- (MBOXMINI)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/03 01:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/18 08:07:26 | 000,306,280 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/05/11 10:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 09:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/05 08:43:24 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/01 17:59:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cqcpu.sys -- (cqcpu)
DRV:64bit: - [2010/03/01 17:59:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/12/26 17:30:13 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111228.002\EX64.SYS -- (NAVEX15)
DRV - [2011/12/26 17:30:13 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111228.002\ENG64.SYS -- (NAVENG)
DRV - [2011/11/14 14:28:01 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/11 23:28:55 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/11 23:28:55 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111226.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3193119406-1769082486-1526078369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3193119406-1769082486-1526078369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3193119406-1769082486-1526078369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/11/03 21:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/03 21:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/03 21:58:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/09/28 10:14:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2011/12/28 18:11:31 | 000,000,000 | ---D | M]

[2011/07/24 08:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2011/07/24 08:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/07/24 08:03:15 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011/07/24 08:03:15 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011/07/24 08:03:15 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011/07/24 08:03:15 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/07/24 08:03:15 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011/07/24 08:03:15 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011/07/24 08:03:15 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-3193119406-1769082486-1526078369-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3193119406-1769082486-1526078369-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MacDrive 8 application for Digidesign] C:\Program Files\Mediafour\MacDrive 8\MacDriveD.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3193119406-1769082486-1526078369-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3193119406-1769082486-1526078369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3193119406-1769082486-1526078369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3193119406-1769082486-1526078369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{584781DB-88DF-4907-AD59-78BBA7AC9EF1}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 02:33:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VS Revo Group
[2011/12/27 02:32:53 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2011/12/27 02:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/12/27 02:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/12/26 19:06:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011/12/26 19:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/26 19:06:02 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/26 19:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/26 15:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/12/25 17:52:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/24 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Up
[2011/12/24 18:22:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Don't Go
[2011/12/22 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinPatrol
[2011/12/22 17:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/12/22 17:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/12/22 17:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2011/12/22 14:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/22 13:35:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/22 13:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/22 13:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/22 10:15:57 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Anti-Malware
[2011/12/17 13:36:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Keep Your Love
[2011/12/15 22:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/15 22:26:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/15 22:26:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/15 22:26:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/15 22:03:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/15 21:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/12/15 03:01:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 03:01:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 03:01:31 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 03:01:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 03:01:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 03:01:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 03:01:29 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/15 03:01:29 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/15 03:01:29 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/15 03:01:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 03:01:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 15:38:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 15:38:53 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 15:38:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/11 14:02:42 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Memoirs beats
[2011/12/09 14:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2011/12/09 14:18:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/12/02 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/12/02 19:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/12/02 19:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/01 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Flew Too High
[2011/11/29 09:21:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Threw it on the ground 2
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 18:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 18:18:57 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 18:18:57 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 18:15:44 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/28 18:15:44 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/28 18:15:44 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/28 18:11:33 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 18:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 18:11:11 | 334,979,071 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 21:28:23 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 02:32:55 | 000,001,103 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/12/27 02:32:55 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/12/25 21:47:20 | 000,025,367 | ---- | M] () -- C:\Users\User\Documents\Dexter Fanfic.odt
[2011/12/24 16:29:30 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUSER-HP$.job
[2011/12/23 22:50:13 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2011/12/23 16:39:52 | 000,001,111 | ---- | M] () -- C:\Users\User\Desktop\msert - Shortcut.lnk
[2011/12/22 13:35:12 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/22 12:48:47 | 000,000,100 | ---- | M] () -- C:\index.ini
[2011/12/22 10:16:12 | 000,001,121 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/12/15 22:26:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/12/15 22:26:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/15 22:26:10 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/15 22:26:10 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/15 22:03:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/15 13:45:47 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/15 04:11:08 | 004,872,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/05 18:22:34 | 000,001,091 | ---- | M] () -- C:\Users\User\Desktop\NPE - Shortcut.lnk
[2011/12/05 18:08:50 | 000,013,361 | ---- | M] () -- C:\Users\User\Desktop\sp51943 - Shortcut.lnk
[2011/12/02 19:18:41 | 000,159,706 | ---- | M] () -- C:\Windows\SysNative\log.xml
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/27 02:32:55 | 000,001,103 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/12/27 02:32:54 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/12/26 19:06:06 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/23 16:39:52 | 000,001,111 | ---- | C] () -- C:\Users\User\Desktop\msert - Shortcut.lnk
[2011/12/22 13:35:12 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/22 12:30:40 | 000,000,100 | ---- | C] () -- C:\index.ini
[2011/12/22 10:16:12 | 000,001,121 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/12/19 22:03:27 | 000,025,367 | ---- | C] () -- C:\Users\User\Documents\Dexter Fanfic.odt
[2011/12/05 18:22:33 | 000,001,091 | ---- | C] () -- C:\Users\User\Desktop\NPE - Shortcut.lnk
[2011/12/05 18:08:50 | 000,013,361 | ---- | C] () -- C:\Users\User\Desktop\sp51943 - Shortcut.lnk
[2011/09/10 08:11:50 | 000,007,597 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011/05/29 22:56:26 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/05/16 14:26:37 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2010/11/03 22:16:24 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/03 21:19:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 12:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/22 19:39:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Blio
[2011/08/21 00:07:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/20 18:26:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/26 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Digidesign
[2011/07/24 08:04:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Greyfirst
[2011/08/23 06:21:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2011/08/20 16:53:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ooVoo Details
[2011/04/18 07:42:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011/04/18 10:23:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PACE Anti-Piracy
[2011/12/26 17:10:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2011/11/30 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2011/09/30 21:39:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tific
[2011/05/16 14:27:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2011/04/18 10:24:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trillium Lane
[2011/10/05 22:29:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch
[2011/12/22 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinPatrol
[2011/12/22 16:18:23 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1144 bytes -> C:\ProgramData\Microsoft:ivYMonH7YB2k2tOsR7CZyjM756EQ
@Alternate Data Stream - 1083 bytes -> C:\ProgramData\Microsoft:RGmIqnJMFOr5MBsGhnukzj9n

< End of report >
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 28th, 2011, 8:23 pm

OTL Extras logfile created on: 12/28/2011 6:35:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 71.39% Memory free
11.50 Gb Paging File | 9.51 Gb Available in Paging File | 82.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.15 Gb Total Space | 780.61 Gb Free Space | 85.02% Space Free | Partition Type: NTFS
Drive D: | 13.26 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{01C898E1-38A7-49B1-9398-49E40636E2C5}" = Avid HD Driver (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28D77718-AB40-E3B0-E8B3-FC116733A8EC}" = AMD Fuel
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5984CE26-CF4A-4564-9511-D49589C8FE9E}" = Digidesign HFS+ Disk Support
"{5B0E60DB-7741-412F-88B3-E6975D30D019}" = Visual C++ 64-bit Redistributables
"{5F146AD2-9F9B-5284-CD9D-40C881E3ACEC}" = ATI Problem Report Wizard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E9405C3-4A81-A757-1670-56B202B46F3C}" = ATI Catalyst Install Manager
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9F2C1A5-4080-4F9B-B3EA-A182DAD69A85}" = Avid Mbox Mini Driver 1.0.6 (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EC68FF2E-B3B9-5FE3-7CEA-EB9F11E35C80}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9242D4E-09E7-45C7-A53A-83375D0FAD42}" = Avid Mbox 2 USB Drivers (x64)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0EF1A184-EF65-C37A-4A0B-C612EE8A93D2}" = Catalyst Control Center InstallProxy
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{27DB7300-9E75-FE1C-E2D0-0D22BB6175E0}" = CCC Help Danish
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{30C57796-858D-AA2B-85E4-AE805D68DC4D}" = CCC Help Korean
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39C45959-76CF-A998-48BE-B49468D6C22F}" = CCC Help Thai
"{3A73C1A2-67B0-FFA3-50DC-A20F1108C08C}" = CCC Help Greek
"{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Avid Pro Tools Creative Collection 9.0.5
"{3C61B7BD-981C-DFCF-C77D-F852A7D08DD9}" = CCC Help Spanish
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{47E3E895-A798-433E-C440-A4805A5FDA10}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67E88DA1-E3B7-AED7-AF6C-5D5FB7BC47CB}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{7041C0CA-92D9-5E56-0CAD-552A3250652D}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E5C6B2-59C3-694C-27B7-21C910F24428}" = CCC Help Norwegian
"{75882478-B0CA-CF91-01D2-91FFB8EC0FAA}" = HydraVision
"{76341DEA-A1BC-F84F-58CD-1D0FAFDD2301}" = Catalyst Control Center Localization All
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{81E970B6-6615-82B4-AC79-26EFB0749E3E}" = CCC Help Hungarian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86FAA380-5CB7-4D55-029B-32AD650CB142}" = CCC Help Italian
"{87156DCA-AF4C-5F12-94A7-BCB5D9E92E13}" = CCC Help German
"{87F17692-2C1A-429C-9A77-7DB1E16F6EF9}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1F8068-D0AD-B84C-AD8A-3E97A98BCCB1}" = CCC Help Swedish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90D3946F-869E-5B31-1590-7669700FB37B}" = CCC Help Turkish
"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC6C5D6-91B1-439B-8695-864C058E0BE6}" = Avid Pro Tools 9.0.5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Avid Free DigiRack Plug-Ins 9.0.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5A75273-F01A-4E87-B64F-66F7163C99CA}" = CCC Help Japanese
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E3F3C9-AC0C-43A2-1AB7-D2D83EF68211}" = CCC Help Portuguese
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB491E58-DE63-17A9-1992-78DF639A88D5}" = CCC Help Russian
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC5FF599-AFB0-EF94-5786-C49B138B106B}" = CCC Help Chinese Traditional
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6905D5-6B2A-1088-FDB2-77E4FBD7BB9D}" = CCC Help Chinese Standard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E23FC608-7808-6573-FBC3-47F3F78F07E8}" = CCC Help Czech
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4BB2289-65F7-28A8-D0D5-26CB389EC688}" = CCC Help Polish
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E92418A7-C81C-9917-E322-ABEC0E689BB9}" = AMD VISION Engine Control Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44C5224-EACA-EED8-143D-7240B2FE9322}" = CCC Help Dutch
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Celtx (2.9.1)" = Celtx (2.9.1)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5B0E60DB-7741-412F-88B3-E6975D30D019}" = Visual C++ 64-bit Redistributables
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"My HP Game Console" = HP Game Console
"N360" = Norton 360
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"Spotify" = Spotify
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2011 7:32:54 PM | Computer Name = User-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/11/2011 7:32:54 PM | Computer Name = User-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/11/2011 7:32:54 PM | Computer Name = User-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/11/2011 7:32:54 PM | Computer Name = User-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/12/2011 12:07:54 AM | Computer Name = User-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/12/2011 12:08:09 AM | Computer Name = User-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/12/2011 12:08:10 AM | Computer Name = User-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/14/2011 7:46:31 PM | Computer Name = User-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: SYMHTML.DLL, version: 5.6.0.3, time
stamp: 0x4d6eb591 Exception code: 0xc0000005 Fault offset: 0x0007af0b Faulting process
id: 0x5d4 Faulting application start time: 0x01cca327a0d11097 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\SYMHTML.DLL Report Id: e02d0f21-0f1a-11e1-bf60-643150311f13

Error - 11/15/2011 4:42:20 PM | Computer Name = User-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1358 Start
Time: 01cca3d07ad72d29 Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 11/19/2011 6:11:35 AM | Computer Name = User-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1148 Start
Time: 01cca67938b31876 Termination Time: 65 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ Hewlett-Packard Events ]
Error - 6/10/2011 2:15:56 PM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061110021552.xml
File not created by asset agent

Error - 12/2/2011 8:15:03 PM | Computer Name = User-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 5887 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ System Events ]
Error - 12/28/2011 4:34:22 AM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = The AMD External Events Utility service failed to start due to the
following error: %%2

Error - 12/28/2011 4:34:50 AM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 12/28/2011 3:52:16 PM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = The AMD External Events Utility service failed to start due to the
following error: %%2

Error - 12/28/2011 3:52:38 PM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 12/28/2011 5:08:04 PM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = The AMD External Events Utility service failed to start due to the
following error: %%2

Error - 12/28/2011 5:08:20 PM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 12/28/2011 5:08:23 PM | Computer Name = User-HP | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 12/28/2011 5:08:23 PM | Computer Name = User-HP | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 12/28/2011 7:11:18 PM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = The AMD External Events Utility service failed to start due to the
following error: %%2

Error - 12/28/2011 7:11:54 PM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3


< End of report >
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 29th, 2011, 1:19 am

I would just like to tell Gary R that my OTL logs are above Jangus 22's post.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 29th, 2011, 3:35 am

I see you've installed RevoUninstaller please don't install programs while we're trying to find out what's wrong with your machine, it only makes analysing things more time consuming, and adding new programs to a potentially infected machine may make it unstable.

When you say your computer has been acting differently, what exactly do you mean ?

Nothing particularly showing in your latest OTL logs, so we'll run some more scans.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Files
C:\ProgramData\Ask
C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
ipconfig /flushdns /c

:OTL
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
@Alternate Data Stream - 1144 bytes -> C:\ProgramData\Microsoft:ivYMonH7YB2k2tOsR7CZyjM756EQ
@Alternate Data Stream - 1083 bytes -> C:\ProgramData\Microsoft:RGmI

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it
Image
  • Click the SCAN button to start the scan.
Image
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.

If aswMBR finds anything, DO NOT TRY TO FIX IT at this time.

I'd like to see if there are any remnants from Emsisoft still on your computer ....

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems
Download Mirror #1
Download Mirror #2


For 64 bit Systems
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code: Select all
:Filefind
emsisoft
a2

:Folderfind
emsisoft
a2

:Regfind
emsisoft
a2

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • Latest OTL log
  • aswMBR log
  • SystemLook log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

DO NOT MAKE ANY OTHER MATERIAL CHANGES TO YOUR COMPUTER UNTIL WE'RE SURE IT'S CLEAN.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 29th, 2011, 4:17 am

========== FILES ==========
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Downloads\cmd.bat deleted successfully.
C:\Users\User\Downloads\cmd.txt deleted successfully.
========== OTL ==========
C:\Windows\SysNative\SET8E7.tmp deleted successfully.
ADS C:\ProgramData\Microsoft:ivYMonH7YB2k2tOsR7CZyjM756EQ deleted successfully.
Unable to delete ADS C:\ProgramData\Microsoft:RGmI .

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_031156
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 35 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware