Contracted iLivid and other malware

Re: Contracted iLivid and other malware

Post by EnglishSettlement » October 16th, 2012, 11:51 pm

Askey127, I have one other question:

This afternoon, suddenly my Windows Live Mail isn't working properly: it seems to pull email just fine, but the preview window is blank, and when I open an email to view, the body is blank. It seems to get hung up, and the little blue processing wheel just spins when I have the cursor in the body of the email.

Wondering if that could possibly be a side-effect related to anything we've done the past couple days. It seems to have just started today. Any ideas?

I'll update and run Norton now.
EnglishSettlement
Regular Member
 
Posts: 23
Joined: October 14th, 2012, 1:53 am

Re: Contracted iLivid and other malware

Post by askey127 » October 17th, 2012, 8:39 am

Thank you.
It's more complicated to uninstall Constant Guard using OTL, but if you have trouble getting it to go, let me know.

Sometimes when a program does not uninstall properly, you can use Revo Uninstaller to do the job.
Revo Uninstaller Freeware is here: http://www.revouninstaller.com/revo_uninstaller_free_download.html
It is very thorough.

About Live Mail:
We have not done anything to disrupt Live Mail. I cannot be sure about the effects of Constant Guard.
One user said it wiped out the fingerprint ID app on his laptop.

I will tell you that the failure happened to me and others while using Live Mail.
I ended up installing Thunderbird instead, because I couldn't get satisfactory answers or remedies.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Contracted iLivid and other malware

Post by EnglishSettlement » October 18th, 2012, 2:44 am

Askey127, I'd like to update you on a couple things, and if you'll indulge me one more step, show the current logs.

First, I obeyed Microsoft and called HP re: the issue I was having with Windows Live Mail. Despite my (better?) judgment, I listened to the tech and reverted to a restore point from 10/14/12, the last showing before the email problems began (but after the malware infection). I explained the malware we had diligently tried to remove, and he assured me that it would not recur. Well, I got email working again, but when I did a new DDS, and SystemLook, it appeared that the malware was still showing, specifically MusicOasis, Tarma Installer, Yahoo! & Companion, and Searchqu.

I did manage to then remove two Poker games from WildTangent, using RevoUninstall, as well as Constant Guard and that Coupon thing (which was a bear because it had left remnants in a number of places). I then retraced every step that you'd given me from the beginning, this time in one sitting, rebooting at every point you asked. If I am reading logs right, it looks like I got rid of or moved via OTL a number of them, but Yahoo!, Searchqu, MusicOasis, and Yontoo may be lingering.

Here is the most recent SystemLook log. I had modified the search parameters to include some of the new malware filenames that I got that were not in the original. Would you mind looking them over and giving your opinion, please? Thanks again, ES


SystemLook 30.07.11 by jpshortstuff
Log created at 00:34 on 18/10/2012 by MEACB Fam Desktop
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*Yahoo!*"
No files found.

Searching for "*MusicOasis*"
No files found.

Searching for "*Default Search*"
No files found.

Searching for "*Yontoo*"
No files found.

Searching for "*Yontoo 1.10.02*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Tarma*"
C:\_OTL\MovedFiles\10162012_150131\C_ProgramData\Tarma Installer d------ [22:45 12/10/2012]
C:\_OTL\MovedFiles\10172012_232355\C_ProgramData\Tarma Installer d------ [22:45 12/10/2012]

Searching for "*Yahoo!*"
C:\Program Files (x86)\Yahoo! d------ [22:45 12/10/2012]
C:\ProgramData\Yahoo! d------ [22:45 12/10/2012]
C:\Users\All Users\Yahoo! d------ [22:45 12/10/2012]
C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo! d------ [22:45 12/10/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! d------ [22:52 12/10/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion d------ [22:52 12/10/2012]

Searching for "*MusicOasis*"
C:\_OTL\MovedFiles\10162012_150131\C_Users\MEACB Fam Desktop\AppData\Roaming\MusicOasis d------ [22:46 12/10/2012]

Searching for "*Default Search*"
No folders found.

Searching for "*Yontoo*"
No folders found.

Searching for "*Yontoo 1.10.02*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer]

Searching for "Yahoo!"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}]
"DisplayName"="Yahoo! Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Yahoo\Companion]
"Apptitle"="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0"
[HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}]
"DisplayName"="Yahoo! Search"

Searching for "MusicOasis"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0]
@="{0.0.0.00000000}.{634460aa-a2d3-4d7e-afcc-3685c6da8611}|\Device\HarddiskVolume2\Program Files (x86)\MusicOasis\MusicOasis.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0]
@="{0.0.0.00000000}.{634460aa-a2d3-4d7e-afcc-3685c6da8611}|\Device\HarddiskVolume2\Program Files (x86)\MusicOasis\MusicOasis.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "Default Search"
No data found.

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504}]
"TizPath"="C:\Users\MEACBF~1\AppData\Local\Temp\pkg_162b19f00\yontoo-c1_2.exe"

Searching for "Yontoo 1.10.02"
No data found.

-= EOF =-
EnglishSettlement
Regular Member
 
Posts: 23
Joined: October 14th, 2012, 1:53 am
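The SystemLook log above is what the poster asks to have looked over. As an added example (not from the thread, and not part of SystemLook or OTL), here is a small Python parser that groups each search term's hits by section and separates items already sitting in OTL's quarantine folder (C:\_OTL\MovedFiles) from ones still live, which is the first sorting a helper does by eye. The embedded sample log is a constructed, trimmed copy of the posted format.

```python
"""Triage a SystemLook log: which search terms still hit, and where.
Added example, not from the thread and not part of SystemLook or OTL.
Each 'Searching for "..."' block under filefind / folderfind / Regfind is
followed by a no-result line or one hit per line; in Regfind a value line
belongs to the [key] line just above it.
"""
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the log format posted in the thread.
SAMPLE_LOG = """SystemLook 30.07.11 by jpshortstuff
Log created at 00:34 on 18/10/2012 by MEACB Fam Desktop

========== filefind ==========

Searching for "*iLivid*"
No files found.

========== folderfind ==========

Searching for "*Tarma*"
C:\\_OTL\\MovedFiles\\10162012_150131\\C_ProgramData\\Tarma Installer d------ [22:45 12/10/2012]

Searching for "*Yahoo!*"
C:\\Program Files (x86)\\Yahoo! d------ [22:45 12/10/2012]
C:\\ProgramData\\Yahoo! d------ [22:45 12/10/2012]

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Tarma Installer\\Products\\{361E80BE-388B-4270-BF54-A10C2B756504}]
"TizPath"="C:\\Users\\MEACBF~1\\AppData\\Local\\Temp\\pkg_162b19f00\\yontoo-c1_2.exe"

Searching for "Default Search"
No data found.

-= EOF =-
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
SEARCH_RE = re.compile(r'^Searching for "(.+)"$')
NO_HIT_RE = re.compile(r"^No (files|folders|data) found\.$")
QUARANTINE_DIR = "\\_otl\\movedfiles\\"  # OTL moves removed items here


def parse_systemlook(text):
    """Return {section: {term: [hit, ...]}}; a term with no hits maps to []."""
    results = defaultdict(dict)
    section = term = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-= EOF =-":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group(1), None
            continue
        m = SEARCH_RE.match(line)
        if m and section:
            term = m.group(1)
            results[section][term] = []
            continue
        if term is None or NO_HIT_RE.match(line):
            continue
        hits = results[section][term]
        if section == "Regfind" and not line.startswith("[") and hits:
            hits[-1] = hits[-1] + " " + line  # attach value to its key
        else:
            hits.append(line)
    return dict(results)


def is_quarantined(hit):
    """True when the hit sits in OTL's MovedFiles folder, i.e. already removed."""
    return QUARANTINE_DIR in hit.lower()


def triage(text):
    """Per (section, term) with hits: split them into live and quarantined."""
    report = {}
    for section, terms in parse_systemlook(text).items():
        for term, hits in terms.items():
            if hits:
                report[(section, term)] = {
                    "live": [h for h in hits if not is_quarantined(h)],
                    "quarantined": [h for h in hits if is_quarantined(h)],
                }
    return report


if __name__ == "__main__":
    for (section, term), b in triage(SAMPLE_LOG).items():
        print(section, term, len(b["live"]), "live,", len(b["quarantined"]), "quarantined")
```

Substring searches such as "Searchqu" can match unrelated names (the Windows Search interface ISearchQueryHelper contains that substring), so a live registry hit still needs its value read before it is treated as a remnant.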

Re: Contracted iLivid and other malware

Post by EnglishSettlement » October 18th, 2012, 2:58 am

askey127,

After every step in doing this whole process again, I checked Windows Live Mail to make sure it continued to work (i.e., my emails were previewable and could be opened and read), and it behaved normally. However, I neglected to check after the last couple of steps (including the last run of OTL Run Fix and Quick Search, and the run of SystemLook).

Now, once again, Windows Live Mail stopped working right: the same problem. Emails come in, but are blank, and can't be opened and viewed. The "processing" circle just keeps spinning around when the cursor is placed in the email body. I'm at a loss! Any ideas?

Here are the logs from the OTL Run Fix and OTL.Txt

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}\ deleted successfully.
C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\ not found.
File C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1002.3\NativeBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}\ deleted successfully.
C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll moved successfully.
HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1003\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
========== FILES ==========
File\Folder C:\ProgramData\WeCareReminder not found.
File\Folder C:\Users\MEACB Fam Desktop\AppData\Roaming\MusicOasis not found.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
File\Folder C:\Users\All Users\Tarma Installer not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\_OTL\MovedFiles\cmd.bat deleted successfully.
C:\_OTL\MovedFiles\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\musicoasis_d165409_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\musicoasis_d165409_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MusicOasis_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MusicOasis_RASMANCS\ deleted successfully.
HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-1818_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-1818_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\ not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: MEACB Fam Desktop
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: MEACB Fam Desktop
->Flash cache emptied: 506 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MEACB Fam Desktop
->Temp folder emptied: 5347 bytes
->Temporary Internet Files folder emptied: 1337072 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10172012_232355

Files\Folders moved on Reboot...
C:\Users\MEACB Fam Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 10/17/2012 11:37:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\_OTL\MovedFiles
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.98 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 71.69% Memory free
11.96 Gb Paging File | 10.12 Gb Available in Paging File | 84.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.31 Gb Total Space | 847.98 Gb Free Space | 92.24% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 1.48 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: MEACBFAMDESKTOP | User Name: MEACB Fam Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 13:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\_OTL\MovedFiles\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/05 14:59:56 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/17 12:24:24 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
PRC - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/06/09 07:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/06/09 07:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/23 11:16:38 | 000,136,488 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 15:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/15 13:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/10/23 14:50:28 | 000,309,760 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/03/07 17:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 15:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:50:16 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/07 05:31:02 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/07 05:07:06 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/07 05:07:06 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/23 14:50:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/04 18:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/04/22 04:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 19:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/21 06:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/04/21 06:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/04/20 19:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/23 11:17:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/13 06:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/01/18 17:40:26 | 000,004,608 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/10/17 13:03:48 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121016.021_e49\ex64.sys -- (NAVEX15)
DRV - [2012/10/17 13:03:48 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121016.021_e49\eng64.sys -- (NAVENG)
DRV - [2012/10/16 15:30:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121017.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 16:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/10 20:58:50 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/10 20:58:50 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20121041,17118,0,18,0
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/10/17 13:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/17 23:26:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4FA6AB-AAEC-4DAB-9708-67B1E14BAEF8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/17 20:27:16 | 000,000,000 | ---D | C] -- C:\2bb62fecf984874382aa8dc1
[2012/10/17 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Roxio Log Files
[2012/10/17 13:22:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/17 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B6349ED2-3BED-4CB0-AFD2-6549489530F0}
[2012/10/17 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{2E621614-3817-4A43-AC9F-811EB136D6ED}
[2012/10/16 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{23A4C51B-6A16-4496-A9B1-60C4919FC2F5}
[2012/10/15 23:41:06 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{1034BE7F-EA50-4575-B569-0C2757556D23}
[2012/10/15 11:15:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/15 08:07:05 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{08669D63-1A8B-4BB4-B424-695C89C3DB84}
[2012/10/14 10:54:24 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{792061C5-E1CB-47A9-97F2-35FDD37EB362}
[2012/10/14 00:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/10/14 00:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/14 00:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/10/14 00:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/13 23:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Malware
[2012/10/13 21:49:29 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Malwarebytes
[2012/10/13 21:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/13 21:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/13 21:49:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/13 21:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/13 14:45:08 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{63AA384D-553B-4472-BF60-9A70DF3EDBE7}
[2012/10/13 01:56:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\Kobo
[2012/10/13 01:51:02 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ZinioReader4
[2012/10/13 01:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/10/13 01:21:26 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\VS Revo Group
[2012/10/13 01:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/10/13 00:29:38 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{31883C3D-FB5A-467B-8AF3-8288EB9C0192}
[2012/10/12 21:36:44 | 000,000,000 | ---D | C] -- C:\ID Vault
[2012/10/12 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\NPE
[2012/10/12 16:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/10/12 16:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/10/12 07:37:18 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{92AFC30E-490D-47F8-A34B-662B1FB5361F}
[2012/10/11 12:53:38 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{21D83205-9715-46B0-921E-971BF4974DCF}
[2012/10/11 12:49:48 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\Documents\OneNote Notebooks
[2012/10/10 20:01:04 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{0E008CF5-7F29-4429-9671-A608607FBEC0}
[2012/10/10 06:54:34 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{726B5BC4-21D0-4481-B20B-625E37C724F2}
[2012/10/09 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{52078DA1-A0D0-40D6-AA11-A388BB0E4507}
[2012/10/08 19:54:53 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{0FC9DBB8-7336-4418-8275-6286A39D1416}
[2012/10/08 07:54:30 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{A4BFB3DE-DB14-44CD-AAA0-6418EA2A1AE6}
[2012/10/07 19:37:24 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{35D6BD80-AAF1-497B-8BB7-4CC6699718FC}
[2012/10/06 09:21:58 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{3B819532-50AE-4940-94D0-ED23149C126B}
[2012/10/05 09:06:14 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{9CD3C714-06ED-4A67-8B98-A328D02DD67A}
[2012/10/04 16:36:59 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{51A1563E-80BD-43A5-9941-7317A4D2FE32}
[2012/10/03 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{07CD33FE-379E-4E64-818F-1CD4C884F0FA}
[2012/10/03 08:06:34 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{11FD3448-0873-4D2F-BB75-E181EC7E6E11}
[2012/10/02 18:40:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B7D81391-FEAA-430F-98AA-F8F9F04FF4C3}
[2012/10/02 06:28:04 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{F7369093-D213-4B08-AE47-B748E55842E3}
[2012/10/01 16:21:40 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{5080F52E-1A1F-4F73-B8D5-551B5FCB26A8}
[2012/09/30 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{CAD513A3-ADEB-4B8A-AE73-820F2FC2A144}
[2012/09/30 09:09:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{D9A77CCE-8062-4196-A668-E8E9BA94F744}
[2012/09/29 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{32578E33-2483-4379-A6EA-9199AD0A97B0}
[2012/09/28 12:31:46 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{23384781-F390-4ACC-8195-14D9185C7272}
[2012/09/27 21:43:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{9C4A0F26-7E15-450D-8387-07E2DFD7B7A2}
[2012/09/27 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{73AD0A44-CB2F-4549-BDA8-9C0FDA1C0EC7}
[2012/09/25 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{3C0F2F73-6425-40BB-98A9-ABCC1ED2432C}
[2012/09/25 06:47:05 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{DCA2DE73-CDF8-4D29-9C85-5B5A2D9663FB}
[2012/09/24 09:33:52 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{CAA36B3A-27BE-42BF-A67F-7FFFFB3AAFE5}
[2012/09/23 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{01F34754-535B-4939-91A2-FF7A461425EA}
[2012/09/23 09:58:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/22 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{FEC5BD43-AD28-4CE9-A7FB-5A192B387C90}
[2012/09/22 07:16:14 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B8C59C5E-4E13-4740-B7F6-149FB3D9CA30}
[2012/09/21 15:08:25 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{52E5FE43-8C32-4CBB-A8C8-AD82FB9B1E71}
[2012/09/20 19:10:18 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{DD5EDDF5-A423-49B8-B2D2-71430E5ACB5C}
[2012/09/20 17:15:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\Microsoft Help
[2012/09/20 17:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/20 06:44:07 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{69C7D921-4CD7-44AC-BF14-854F4D3D5E3B}
[2012/09/19 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{A96D65E8-B3B7-4F67-8F01-6D25A7023C78}
[2012/09/19 15:38:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{72656B01-D0FF-4FC1-9506-6CD8080610E0}
[2012/09/18 19:52:15 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{01643235-04E1-4EBF-AAC8-7E34F2451AC2}
[2012/09/18 07:51:53 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{26C90FC9-C2D3-4388-8494-CF8623B18926}

========== Files - Modified Within 30 Days ==========

[2012/10/17 23:34:01 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 23:34:01 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 23:31:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 23:26:53 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/17 23:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/17 23:25:59 | 521,396,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/17 22:20:19 | 000,001,513 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\dds - Shortcut.lnk
[2012/10/17 21:01:43 | 000,001,747 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\RevoUninPro - Shortcut.lnk
[2012/10/17 13:48:02 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMEACB Fam Desktop.job
[2012/10/17 13:47:53 | 000,307,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/17 13:23:08 | 000,000,971 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\OTL - Shortcut.lnk
[2012/10/17 13:22:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/17 13:07:50 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/17 13:07:50 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/17 13:07:50 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/17 13:04:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2012/10/12 19:12:14 | 000,181,650 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Documents\DBD Movie2.wlmp
[2012/10/11 17:50:44 | 001,533,240 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 020.jpg
[2012/10/11 17:49:53 | 000,000,945 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\Picture 037 - Shortcut.lnk
[2012/09/23 09:58:37 | 2126,888,244 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/18 08:57:14 | 000,771,223 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Documents\Milan fall 2012 roster.pdf

========== Files Created - No Company Name ==========

[2012/10/17 22:20:19 | 000,001,513 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\dds - Shortcut.lnk
[2012/10/17 21:01:43 | 000,001,747 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\RevoUninPro - Shortcut.lnk
[2012/10/17 13:23:08 | 000,000,971 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\OTL - Shortcut.lnk
[2012/10/12 21:59:20 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/11 18:19:40 | 122,882,498 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 154.avi
[2012/10/11 18:19:34 | 036,580,968 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 152.avi
[2012/10/11 18:19:23 | 002,089,281 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 128.jpg
[2012/10/11 18:19:07 | 002,208,060 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 114.jpg
[2012/10/11 18:19:03 | 002,320,199 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 111.jpg
[2012/10/11 18:17:02 | 001,872,253 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 059.jpg
[2012/10/11 18:16:57 | 000,885,101 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 055.jpg
[2012/10/11 18:16:49 | 001,141,104 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 036.jpg
[2012/10/11 18:16:19 | 000,939,057 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 028.jpg
[2012/10/11 18:16:04 | 000,972,686 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 014.jpg
[2012/10/11 18:15:50 | 001,949,389 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\GSCamp 2011 164.jpg
[2012/10/11 18:04:09 | 001,561,828 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 557.jpg
[2012/10/11 18:04:00 | 001,547,854 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 487.jpg
[2012/10/11 18:03:41 | 004,541,742 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 430.MOV
[2012/10/11 18:03:27 | 001,423,044 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 411.jpg
[2012/10/11 18:03:10 | 001,506,615 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 358.jpg
[2012/10/11 18:02:51 | 001,533,682 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 328.jpg
[2012/10/11 18:02:44 | 001,543,713 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 298.jpg
[2012/10/11 17:57:49 | 001,545,214 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 262.jpg
[2012/10/11 17:57:45 | 001,512,136 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 267.jpg
[2012/10/11 17:57:33 | 001,471,182 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 233.jpg
[2012/10/11 17:57:29 | 001,557,870 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 225.jpg
[2012/10/11 17:57:25 | 001,534,319 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 224.jpg
[2012/10/11 17:57:18 | 001,543,210 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 180.jpg
[2012/10/11 17:57:07 | 001,499,299 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 179.jpg
[2012/10/11 17:57:01 | 014,050,336 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 175.MOV
[2012/10/11 17:56:55 | 010,965,992 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 174.MOV
[2012/10/11 17:56:22 | 001,544,011 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 146.jpg
[2012/10/11 17:56:12 | 001,523,183 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 142.jpg
[2012/10/11 17:51:17 | 001,495,507 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 039.jpg
[2012/10/11 17:51:00 | 001,564,827 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 032.jpg
[2012/10/11 17:50:43 | 001,533,240 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 020.jpg
[2012/10/11 17:50:25 | 001,525,391 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 015.jpg
[2012/10/11 17:50:17 | 001,512,477 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 010.jpg
[2012/10/11 17:50:09 | 002,169,412 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 115.MOV
[2012/10/11 17:49:59 | 003,644,872 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 037.MOV
[2012/10/11 17:49:53 | 000,000,945 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\Picture 037 - Shortcut.lnk
[2012/10/11 17:44:03 | 002,104,812 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 072.MOV
[2012/10/11 15:41:08 | 000,181,650 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\DBD Movie2.wlmp
[2012/09/23 09:58:37 | 2126,888,244 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/18 08:57:14 | 000,771,223 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Milan fall 2012 roster.pdf
[2012/08/29 11:05:04 | 000,100,344 | ---- | C] () -- C:\Windows\HPBroker.dll
[2011/12/31 13:05:25 | 000,000,089 | ---- | C] () -- C:\Users\MEACB Fam Desktop\AppData\Local\msmathematics.qat.MEACB Fam Desktop
[2011/12/07 05:31:53 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/07/24 15:50:36 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/21 02:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/07 11:08:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2011/06/07 11:08:58 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2011/02/11 11:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/31 12:46:46 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Blio
[2012/10/17 13:53:11 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ID Vault
[2012/10/13 19:42:43 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\SoftGrid Client
[2012/01/04 22:28:32 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\TP
[2012/02/21 10:00:46 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\WinBatch
[2012/01/04 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Windows Live Writer
[2012/10/13 01:51:02 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ZinioReader4

========== Purity Check ==========



< End of report >
EnglishSettlement
Regular Member
 
Posts: 23
Joined: October 14th, 2012, 1:53 am
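The "ZeroAccess Check" block in the log above lists four CLSIDs whose InProcServer32 registrations that rootkit family was known to repoint at its own DLL; OTL prints the HKCU and HKLM copies of each so a helper can eyeball them. The script below is an added example, written for this page and not part of the thread, OTL or MalwareRemoval.com's tooling, that re-reads the same keys from the live registry and flags the two things a practitioner looks for: a per-user (HKCU\Software\Classes) copy of a system CLSID, which a normal non-elevated process resolves ahead of the HKLM copy, and an HKLM server path that is not a Microsoft DLL under System32 or SysWOW64. It assumes a 64-bit Windows install and an elevated 64-bit Windows PowerShell session (2.0 or later), so both the native and Wow6432Node views are reachable; the function and variable names are chosen here.

```powershell
# Added example, not from the original thread or from OTL: re-check the COM
# registrations OTL's "ZeroAccess Check" prints, straight from the live registry.
# Assumptions: 64-bit Windows, elevated 64-bit Windows PowerShell 2.0 or later.

# The four CLSIDs OTL's check covers (shell and WMI servers owned by Windows).
$ClsidList = @(
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}',
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'
)

# Registry roots: native (64-bit) view, then the Wow6432Node (32-bit) view, per hive.
$Roots = @(
    @{ Hive = 'HKCU'; Path = 'HKCU:\Software\Classes\CLSID' },
    @{ Hive = 'HKCU'; Path = 'HKCU:\Software\Classes\Wow6432Node\CLSID' },
    @{ Hive = 'HKLM'; Path = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Hive = 'HKLM'; Path = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
)

function Get-InprocServerPath {
    param([string]$KeyPath)
    # The server DLL is the key's (default) value; it may be quoted and may use %SystemRoot%.
    $raw = (Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue).'(default)'
    if ([string]::IsNullOrEmpty($raw)) { return $null }
    return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
}

function Test-ServerPathExpected {
    param([string]$Dll)
    # Windows' own shell and WMI servers live under System32 or SysWOW64. A hijack
    # points somewhere else (a user profile, $Recycle.Bin, a random GUID folder).
    $allowed = @("$env:SystemRoot\System32\", "$env:SystemRoot\SysWOW64\")
    $inPlace = $false
    foreach ($dir in $allowed) {
        if ($Dll.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inPlace = $true }
    }
    if (-not $inPlace) { return $false }
    if (-not (Test-Path -LiteralPath $Dll)) { return $false }
    # CompanyName is the same weak signal OTL prints in parentheses. It is trivially
    # forged, so treat it as supporting evidence only, never as proof.
    return ((Get-Item -LiteralPath $Dll).VersionInfo.CompanyName -eq 'Microsoft Corporation')
}

foreach ($clsid in $ClsidList) {
    foreach ($root in $Roots) {
        $key = Join-Path $root.Path "$clsid\InProcServer32"
        if (-not (Test-Path -Path $key)) { continue }   # absent key: nothing to report
        $dll = Get-InprocServerPath -KeyPath $key

        if ($root.Hive -eq 'HKCU') {
            # HKCU\Software\Classes wins over HKLM when a non-elevated process resolves
            # a CLSID, so a per-user copy of a system CLSID is a hijack until proven otherwise.
            Write-Warning "Per-user override present: $key -> $dll"
            continue
        }
        if ($null -eq $dll) {
            Write-Output "EMPTY   $key"
        } elseif (Test-ServerPathExpected -Dll $dll) {
            Write-Output "OK      $key -> $dll"
        } else {
            Write-Warning "SUSPECT $key -> $dll"
        }
    }
}
```

The script only reports; it removes nothing. Where the OTL log shows a key header with no value lines beneath it, this prints EMPTY for a key that exists without a default value and simply skips a key that does not exist, so the two cases are told apart. It deliberately does not call Get-AuthenticodeSignature: on Windows 7 that cmdlet reports catalog-signed system files such as shell32.dll as NotSigned, which would flag every legitimate entry; Sysinternals sigcheck, which checks catalog signatures, is the right tool if you want a signature verdict on a path this script marks SUSPECT.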

Re: Contracted iLivid and other malware

Unread postby askey127 » October 18th, 2012, 6:28 am

EnglishSettlement,
I'm not sure of what's going on with Windows Live Mail.
For example, DDS and SystemLook do nothing to the system whatever.

The sequence below should get rid of the Yahoo, etc.
Those ISearchquery helper items in the Registry are part of Windows, not searchqu.
Anything showing in the C:\OTL\Moved Files\ folder is already quarantined and will be removed later.

(If you hit the Clean Up button in OTL when you are really all done, it removes the quarantined items and most of our tools).
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Yahoo\Companion]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR]
    [-HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0]
    @=""
    [HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0]
    @=""
    
    :Files
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!
    C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo!
    C:\Users\All Users\Yahoo!
    C:\ProgramData\Yahoo!
    C:\Program Files (x86)\Yahoo!
    ipconfig /flushdns /c
    
    :Commands
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
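The OTL fix above does four things in order: sets a restore point, deletes registry keys, moves folders out of the way, and flushes the DNS resolver cache, then reboots so files that were in use get moved on the way up. The script below is an added example, written for this page and not part of the thread or of OTL, that performs the same four steps by hand so the effect of each line in the fix is visible, and logs each result in the same "deleted successfully" / "not found" wording OTL uses. It assumes an elevated 64-bit Windows PowerShell on Windows 7 or later; the target lists are a subset of the ones in the OTL fix and would be edited for any other machine, and $QuarantineDir is a name chosen here, not an OTL path.

```powershell
# Added example, not from the original thread and not OTL itself: the four steps
# of the OTL custom fix above, performed manually with a log. Assumptions:
# elevated 64-bit Windows PowerShell, Windows 7 or later; the lists below are a
# subset of the fix's targets and must be edited for any other machine.

$QuarantineDir = 'C:\_Quarantine\' + (Get-Date -Format 'yyyyMMdd_HHmmss')   # chosen here
$LogFile       = Join-Path $QuarantineDir 'fix.log'

# Registry keys to remove, spelled as in OTL's :Reg section minus the [- ] brackets.
$RegKeysToRemove = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Yahoo\Companion',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1',
    'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}'
)

# Folders to quarantine: moved, never deleted, so a mistake can be reversed.
$FoldersToQuarantine = @(
    'C:\Program Files (x86)\Yahoo!',
    'C:\ProgramData\Yahoo!',
    "$env:USERPROFILE\AppData\LocalLow\Yahoo!",
    'C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!'
)

function Write-Log {
    param([string]$Message)
    $line = '{0:u} {1}' -f (Get-Date), $Message
    Add-Content -Path $LogFile -Value $line
    Write-Output $line
}

function Remove-RegistryKeyLogged {
    param([string]$Key)
    # The Registry:: provider prefix accepts the full hive names OTL scripts use.
    $path = "Registry::$Key"
    if (-not (Test-Path -Path $path)) { Write-Log "Registry key $Key not found."; return }
    Remove-Item -Path $path -Recurse -Force
    Write-Log "Registry key $Key deleted successfully."
}

function Move-FolderToQuarantine {
    param([string]$Folder)
    if (-not (Test-Path -LiteralPath $Folder)) { Write-Log "File\Folder $Folder not found."; return }
    # Keep the drive-relative layout under the quarantine root so the move is reversible.
    $dest = Join-Path $QuarantineDir ($Folder -replace '^[A-Za-z]:\\', '')
    New-Item -ItemType Directory -Path (Split-Path $dest -Parent) -Force | Out-Null
    try {
        Move-Item -LiteralPath $Folder -Destination $dest -Force -ErrorAction Stop
        Write-Log "$Folder folder moved successfully to $dest."
    } catch {
        # A file held open by a running process blocks the move; OTL defers these to reboot.
        Write-Log "$Folder could not be moved (in use?): $($_.Exception.Message)"
    }
}

New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null

# 1. Restore point first, as OTL's [CREATERESTOREPOINT] does.
Checkpoint-Computer -Description 'Manual fix' -RestorePointType MODIFY_SETTINGS
Write-Log 'Restore point set.'

# 2. Registry keys (:Reg section).
foreach ($key in $RegKeysToRemove) { Remove-RegistryKeyLogged -Key $key }

# 3. Folders (:Files section).
foreach ($folder in $FoldersToQuarantine) { Move-FolderToQuarantine -Folder $folder }

# 4. DNS resolver cache. ipconfig works on every Windows version; Clear-DnsClientCache needs Windows 8+.
ipconfig /flushdns | Out-Null
Write-Log 'DNS resolver cache flushed.'

Write-Log "Done. Log: $LogFile. Reboot to release any folder reported as in use."
```

Two things this version does differently from the OTL fix are worth knowing. It does not kill every process first (OTL's killallprocesses), so a folder whose files are open is logged as in use rather than moved, and a reboot followed by a second run finishes the job. And it lists C:\ProgramData\Yahoo! but not C:\Users\All Users\Yahoo!: on Vista and later C:\Users\All Users is a junction to C:\ProgramData, which is why the OTL log reports the first path moved and the second "not found", the same folder seen twice.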

Re: Contracted iLivid and other malware

Unread postby EnglishSettlement » October 19th, 2012, 12:18 am

Grazie, askey127, for translating the logs for me, and for sticking with me through this. I have no clue what could be messing up Live Mail, but it must be something in the steps we're doing since it has happened the same way twice. Needless to say, I won't be taking HP's advice of using a restore point. I'll try to get MS updates, and see if there's a way of reloading Live Mail or something.

By the way, after I ran the OTL fix and pasted its log below, I got a pop-up window asking if I wanted to run jucheck.exe from Oracle America, Inc. (and showing the Java cup logo). Not knowing what that was or if it were legit, I clicked NO.

I presume the files named Yahoo! and Yahoo! Companion are bogus and have nothing to do with Yahoo! but deviously are given those names as a decoy so people think they are harmless or actually from Yahoo?

Here's the OTL runfix log, followed by the QuickScan log. Oh, before running Quick Scan, I checked Scan All Users, LOP Check and Purity Check, but left the Extra Registry checked as None. If that was incorrect, please let me know and I'll uncheck them and re-run.

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361E80BE-388B-4270-BF54-A10C2B756504}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Yahoo\Companion\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR\ not found.
Registry key HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0\\@|"" /E : value set successfully!
========== FILES ==========
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Modules folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Media folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Icons\skins folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Icons\e folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Icons folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Download folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Data\default folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Data folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion\Buttons\Cache folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion\Buttons folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! folder moved successfully.
C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo!\Companion\Buttons\Cache folder moved successfully.
C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo!\Companion\Buttons folder moved successfully.
C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo!\Companion folder moved successfully.
C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo! folder moved successfully.
C:\Users\All Users\Yahoo! folder moved successfully.
File\Folder C:\ProgramData\Yahoo! not found.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0 folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Data folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion folder moved successfully.
C:\Program Files (x86)\Yahoo!\Common folder moved successfully.
C:\Program Files (x86)\Yahoo! folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\_OTL\MovedFiles\cmd.bat deleted successfully.
C:\_OTL\MovedFiles\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 10182012_213842

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Quick Scan Log:


OTL logfile created on: 10/18/2012 10:02:56 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\_OTL\MovedFiles
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.98 Gb Total Physical Memory | 4.26 Gb Available Physical Memory | 71.23% Memory free
11.96 Gb Paging File | 10.20 Gb Available in Paging File | 85.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.31 Gb Total Space | 848.02 Gb Free Space | 92.25% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 1.48 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: MEACBFAMDESKTOP | User Name: MEACB Fam Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 13:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\_OTL\MovedFiles\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/05 14:59:56 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/17 12:24:24 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
PRC - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/06/09 07:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/06/09 07:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/23 11:16:38 | 000,136,488 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 15:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/15 13:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/10/23 14:50:28 | 000,309,760 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/03/07 17:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 15:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:50:16 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/07 05:31:02 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/07 05:07:06 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/07 05:07:06 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/23 14:50:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/04 18:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/04/22 04:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 19:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/21 06:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/04/21 06:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/04/20 19:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/23 11:17:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/13 06:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/01/18 17:40:26 | 000,004,608 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/10/17 13:03:48 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121017.019\ex64.sys -- (NAVEX15)
DRV - [2012/10/17 13:03:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/10/17 13:03:48 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121017.019\eng64.sys -- (NAVENG)
DRV - [2012/10/16 15:30:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121017.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 16:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/10 20:58:50 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/10/17 13:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/18 21:41:31 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2241471103-1476502067-508736179-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2241471103-1476502067-508736179-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4FA6AB-AAEC-4DAB-9708-67B1E14BAEF8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/18 15:08:58 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{20838693-2FBE-4AC1-8DCF-48D8403B4C91}
[2012/10/17 20:27:16 | 000,000,000 | ---D | C] -- C:\2bb62fecf984874382aa8dc1
[2012/10/17 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Roxio Log Files
[2012/10/17 13:22:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/17 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B6349ED2-3BED-4CB0-AFD2-6549489530F0}
[2012/10/17 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{2E621614-3817-4A43-AC9F-811EB136D6ED}
[2012/10/16 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{23A4C51B-6A16-4496-A9B1-60C4919FC2F5}
[2012/10/15 23:41:06 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{1034BE7F-EA50-4575-B569-0C2757556D23}
[2012/10/15 11:15:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/15 08:07:05 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{08669D63-1A8B-4BB4-B424-695C89C3DB84}
[2012/10/14 10:54:24 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{792061C5-E1CB-47A9-97F2-35FDD37EB362}
[2012/10/14 00:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/10/14 00:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/14 00:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/10/14 00:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/13 23:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Malware
[2012/10/13 21:49:29 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Malwarebytes
[2012/10/13 21:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/13 21:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/13 21:49:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/13 21:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/13 14:45:08 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{63AA384D-553B-4472-BF60-9A70DF3EDBE7}
[2012/10/13 01:56:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\Kobo
[2012/10/13 01:51:02 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ZinioReader4
[2012/10/13 01:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/10/13 01:21:26 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\VS Revo Group
[2012/10/13 01:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/10/13 00:29:38 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{31883C3D-FB5A-467B-8AF3-8288EB9C0192}
[2012/10/12 21:36:44 | 000,000,000 | ---D | C] -- C:\ID Vault
[2012/10/12 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\NPE
[2012/10/12 07:37:18 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{92AFC30E-490D-47F8-A34B-662B1FB5361F}
[2012/10/11 12:53:38 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{21D83205-9715-46B0-921E-971BF4974DCF}
[2012/10/11 12:49:48 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\Documents\OneNote Notebooks
[2012/10/10 20:01:04 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{0E008CF5-7F29-4429-9671-A608607FBEC0}
[2012/10/10 06:54:34 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{726B5BC4-21D0-4481-B20B-625E37C724F2}
[2012/10/09 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{52078DA1-A0D0-40D6-AA11-A388BB0E4507}
[2012/10/08 19:54:53 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{0FC9DBB8-7336-4418-8275-6286A39D1416}
[2012/10/08 07:54:30 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{A4BFB3DE-DB14-44CD-AAA0-6418EA2A1AE6}
[2012/10/07 19:37:24 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{35D6BD80-AAF1-497B-8BB7-4CC6699718FC}
[2012/10/06 09:21:58 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{3B819532-50AE-4940-94D0-ED23149C126B}
[2012/10/05 09:06:14 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{9CD3C714-06ED-4A67-8B98-A328D02DD67A}
[2012/10/04 16:36:59 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{51A1563E-80BD-43A5-9941-7317A4D2FE32}
[2012/10/03 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{07CD33FE-379E-4E64-818F-1CD4C884F0FA}
[2012/10/03 08:06:34 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{11FD3448-0873-4D2F-BB75-E181EC7E6E11}
[2012/10/02 18:40:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B7D81391-FEAA-430F-98AA-F8F9F04FF4C3}
[2012/10/02 06:28:04 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{F7369093-D213-4B08-AE47-B748E55842E3}
[2012/10/01 16:21:40 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{5080F52E-1A1F-4F73-B8D5-551B5FCB26A8}
[2012/09/30 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{CAD513A3-ADEB-4B8A-AE73-820F2FC2A144}
[2012/09/30 09:09:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{D9A77CCE-8062-4196-A668-E8E9BA94F744}
[2012/09/29 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{32578E33-2483-4379-A6EA-9199AD0A97B0}
[2012/09/28 12:31:46 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{23384781-F390-4ACC-8195-14D9185C7272}
[2012/09/27 21:43:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{9C4A0F26-7E15-450D-8387-07E2DFD7B7A2}
[2012/09/27 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{73AD0A44-CB2F-4549-BDA8-9C0FDA1C0EC7}
[2012/09/25 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{3C0F2F73-6425-40BB-98A9-ABCC1ED2432C}
[2012/09/25 06:47:05 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{DCA2DE73-CDF8-4D29-9C85-5B5A2D9663FB}
[2012/09/24 09:33:52 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{CAA36B3A-27BE-42BF-A67F-7FFFFB3AAFE5}
[2012/09/23 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{01F34754-535B-4939-91A2-FF7A461425EA}
[2012/09/23 09:58:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/22 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{FEC5BD43-AD28-4CE9-A7FB-5A192B387C90}
[2012/09/22 07:16:14 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B8C59C5E-4E13-4740-B7F6-149FB3D9CA30}
[2012/09/21 15:08:25 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{52E5FE43-8C32-4CBB-A8C8-AD82FB9B1E71}
[2012/09/20 19:10:18 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{DD5EDDF5-A423-49B8-B2D2-71430E5ACB5C}
[2012/09/20 17:15:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\Microsoft Help
[2012/09/20 17:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/20 06:44:07 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{69C7D921-4CD7-44AC-BF14-854F4D3D5E3B}
[2012/09/19 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{A96D65E8-B3B7-4F67-8F01-6D25A7023C78}
[2012/09/19 15:38:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{72656B01-D0FF-4FC1-9506-6CD8080610E0}

========== Files - Modified Within 30 Days ==========

[2012/10/18 21:48:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 21:48:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 21:43:35 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/18 21:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/18 21:41:12 | 521,396,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/18 21:40:21 | 000,161,214 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Documents\DBD Movie2.wlmp
[2012/10/18 21:31:10 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/18 00:00:07 | 000,165,376 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\SystemLook_x64.exe
[2012/10/17 22:20:19 | 000,001,513 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\dds - Shortcut.lnk
[2012/10/17 21:01:43 | 000,001,747 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\RevoUninPro - Shortcut.lnk
[2012/10/17 13:48:02 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMEACB Fam Desktop.job
[2012/10/17 13:47:53 | 000,307,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/17 13:23:08 | 000,000,971 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\OTL - Shortcut.lnk
[2012/10/17 13:22:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/17 13:07:50 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/17 13:07:50 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/17 13:07:50 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/17 13:04:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2012/10/11 17:50:44 | 001,533,240 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 020.jpg
[2012/10/11 17:49:53 | 000,000,945 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\Picture 037 - Shortcut.lnk
[2012/09/23 09:58:37 | 2126,888,244 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/10/18 15:57:35 | 001,755,122 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\002.JPG
[2012/10/18 15:45:30 | 001,528,958 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\DSCN1377.JPG
[2012/10/18 15:41:59 | 001,839,800 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Cristina TSA 2012 065.JPG
[2012/10/18 15:37:01 | 001,776,312 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Cristina TSA 2012 003.JPG
[2012/10/18 15:36:02 | 001,184,483 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\IMG_8506.JPG
[2012/10/18 15:34:27 | 022,730,328 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\124.AVI
[2012/10/18 15:30:56 | 001,352,288 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\047.JPG
[2012/10/18 15:30:51 | 001,781,130 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\037.JPG
[2012/10/18 15:29:03 | 001,750,969 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\112.JPG
[2012/10/18 15:28:43 | 001,999,311 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\158.JPG
[2012/10/18 15:28:08 | 001,844,599 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\069.JPG
[2012/10/18 15:19:07 | 001,632,881 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\539.JPG
[2012/10/18 15:17:42 | 002,008,097 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\478.JPG
[2012/10/18 15:16:59 | 002,068,651 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\463.JPG
[2012/10/18 15:15:44 | 002,111,730 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\420.JPG
[2012/10/18 15:14:38 | 002,024,335 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\331.JPG
[2012/10/17 23:59:34 | 000,165,376 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\SystemLook_x64.exe
[2012/10/17 22:20:19 | 000,001,513 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\dds - Shortcut.lnk
[2012/10/17 21:01:43 | 000,001,747 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\RevoUninPro - Shortcut.lnk
[2012/10/17 13:23:08 | 000,000,971 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\OTL - Shortcut.lnk
[2012/10/12 21:59:20 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/11 18:19:40 | 122,882,498 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 154.avi
[2012/10/11 18:19:34 | 036,580,968 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 152.avi
[2012/10/11 18:19:23 | 002,089,281 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 128.jpg
[2012/10/11 18:19:07 | 002,208,060 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 114.jpg
[2012/10/11 18:19:03 | 002,320,199 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 111.jpg
[2012/10/11 18:17:02 | 001,872,253 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 059.jpg
[2012/10/11 18:16:57 | 000,885,101 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 055.jpg
[2012/10/11 18:16:49 | 001,141,104 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 036.jpg
[2012/10/11 18:16:19 | 000,939,057 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 028.jpg
[2012/10/11 18:16:04 | 000,972,686 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 014.jpg
[2012/10/11 18:15:50 | 001,949,389 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\GSCamp 2011 164.jpg
[2012/10/11 18:04:09 | 001,561,828 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 557.jpg
[2012/10/11 18:04:00 | 001,547,854 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 487.jpg
[2012/10/11 18:03:41 | 004,541,742 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 430.MOV
[2012/10/11 18:03:27 | 001,423,044 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 411.jpg
[2012/10/11 18:03:10 | 001,506,615 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 358.jpg
[2012/10/11 18:02:51 | 001,533,682 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 328.jpg
[2012/10/11 18:02:44 | 001,543,713 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 298.jpg
[2012/10/11 17:57:49 | 001,545,214 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 262.jpg
[2012/10/11 17:57:45 | 001,512,136 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 267.jpg
[2012/10/11 17:57:33 | 001,471,182 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 233.jpg
[2012/10/11 17:57:29 | 001,557,870 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 225.jpg
[2012/10/11 17:57:25 | 001,534,319 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 224.jpg
[2012/10/11 17:57:18 | 001,543,210 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 180.jpg
[2012/10/11 17:57:07 | 001,499,299 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 179.jpg
[2012/10/11 17:57:01 | 014,050,336 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 175.MOV
[2012/10/11 17:56:55 | 010,965,992 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 174.MOV
[2012/10/11 17:56:22 | 001,544,011 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 146.jpg
[2012/10/11 17:56:12 | 001,523,183 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 142.jpg
[2012/10/11 17:51:17 | 001,495,507 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 039.jpg
[2012/10/11 17:51:00 | 001,564,827 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 032.jpg
[2012/10/11 17:50:43 | 001,533,240 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 020.jpg
[2012/10/11 17:50:25 | 001,525,391 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 015.jpg
[2012/10/11 17:50:17 | 001,512,477 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 010.jpg
[2012/10/11 17:50:09 | 002,169,412 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 115.MOV
[2012/10/11 17:49:59 | 003,644,872 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 037.MOV
[2012/10/11 17:49:53 | 000,000,945 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\Picture 037 - Shortcut.lnk
[2012/10/11 17:44:03 | 002,104,812 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 072.MOV
[2012/10/11 15:41:08 | 000,161,214 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\DBD Movie2.wlmp
[2012/09/23 09:58:37 | 2126,888,244 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/29 11:05:04 | 000,100,344 | ---- | C] () -- C:\Windows\HPBroker.dll
[2011/12/31 13:05:25 | 000,000,089 | ---- | C] () -- C:\Users\MEACB Fam Desktop\AppData\Local\msmathematics.qat.MEACB Fam Desktop
[2011/12/07 05:31:53 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/07/24 15:50:36 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/21 02:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/07 11:08:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2011/06/07 11:08:58 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2011/02/11 11:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/31 12:46:46 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Blio
[2012/10/17 13:53:11 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ID Vault
[2012/10/13 19:42:43 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\SoftGrid Client
[2012/01/04 22:28:32 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\TP
[2012/02/21 10:00:46 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\WinBatch
[2012/01/04 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Windows Live Writer
[2012/10/13 01:51:02 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ZinioReader4

========== Purity Check ==========



< End of report >
EnglishSettlement
Regular Member
 
Posts: 23
Joined: October 14th, 2012, 1:53 am

Re: Contracted iLivid and other malware

Unread postby askey127 » October 19th, 2012, 7:12 am

EnglishSettlement,
Let's go again. I don't like that file in the Windows folder.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    
    :Files
    C:\Windows\devenum.exe
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

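A small triage helper, added here as an example and not part of OTL or of anyone's post in this thread: it parses OTL file-list lines like the ones in the log above and flags executables that report no company name and sit directly in the Windows folder or its system directories, which is the pattern behind moving C:\Windows\devenum.exe. The heuristic, the `known_ok` allow-list parameter and all function names are my own; the sample lines are excerpted from the log posted above, and a hit is a candidate for a human to check against known vendor files, not a verdict.

```python
"""Triage of OTL "Files Created" entries (example helper, not part of OTL).

An OTL file line looks like:
  [2011/06/07 11:08:58 | 000,045,056 | ---- | C] () -- C:\\Windows\\devenum.exe
Fields: timestamp | size with thousands separators | attributes | C/M
(created/modified) | (company name, empty when the file carries none) -- path.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>.{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+?)\s*$"
)

EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com"}
# Folders where a loose executable with no company name deserves a look.
SYSTEM_DIRS = {
    r"c:\windows", r"c:\windows\system32",
    r"c:\windows\syswow64", r"c:\windows\sysnative",
}


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str
    company: str
    path: str


def parse_otl_file_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for headers, blanks or other sections."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),  # "000,045,056" -> 45056
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def _folder_and_ext(path: str):
    folder, _, name = path.rpartition("\\")
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot >= 0 else ""
    return folder.lower(), ext, name.lower()


def triage(log_text: str, known_ok: Set[str] = frozenset()) -> List[str]:
    """Return paths (in log order) of executables with no company name that sit
    directly in a Windows system folder. known_ok holds lowercase file names the
    analyst has already verified (hypothetical allow-list; empty by default)."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_otl_file_line(line)
        if entry is None:
            continue
        folder, ext, name = _folder_and_ext(entry.path)
        if ext in EXECUTABLE_EXTS and folder in SYSTEM_DIRS \
                and not entry.company and name not in known_ok:
            hits.append(entry.path)
    return hits


# Sample input: lines excerpted from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2012/10/11 17:56:55 | 010,965,992 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 174.MOV
[2012/10/11 17:49:53 | 000,000,945 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\Picture 037 - Shortcut.lnk
[2012/09/23 09:58:37 | 2126,888,244 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/29 11:05:04 | 000,100,344 | ---- | C] () -- C:\Windows\HPBroker.dll
[2011/12/07 05:31:53 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/07/24 15:50:36 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/21 02:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/07 11:08:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2011/06/07 11:08:58 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2011/02/11 11:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print("review:", hit)
```

Entries for HP and NVIDIA files show up as well, which is exactly why a hit means "look it up", and why the allow-list exists.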
Re: Contracted iLivid and other malware

Unread postby EnglishSettlement » October 19th, 2012, 4:50 pm

askey127,

To which file in Windows were you referring? BTW & FYI, I resolved the Live Mail problem using appwiz.cpl. I was going to uninstall and reinstall it, but when I clicked on Live Essentials, and above clicked Uninstall/Change, it gave me the options of uninstalling or repairing. I clicked repair Live Essentials, and that fixed the whole problem--with a lot less headache than just nuking the whole thing.

Here are my runfix & OTL.txt logs:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1003\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
HKU\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
========== FILES ==========
C:\Windows\devenum.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\_OTL\MovedFiles\cmd.bat deleted successfully.
C:\_OTL\MovedFiles\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MEACB Fam Desktop
->Temp folder emptied: 20301952 bytes
->Temporary Internet Files folder emptied: 4811452 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 598 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102691 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 2258450 bytes

Total Files Cleaned = 26.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10192012_141142

Files\Folders moved on Reboot...
C:\Users\MEACB Fam Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\MEACB Fam Desktop\AppData\Local\Temp\~DF012CCCA74CD8AABF.TMP not found!
File\Folder C:\Users\MEACB Fam Desktop\AppData\Local\Temp\~DF52B69482EB138362.TMP not found!
File\Folder C:\Users\MEACB Fam Desktop\AppData\Local\Temp\~DF7EC43B9E751BB64C.TMP not found!
File\Folder C:\Users\MEACB Fam Desktop\AppData\Local\Temp\~DFBD52FE0923088109.TMP not found!
File\Folder C:\Users\MEACB Fam Desktop\AppData\Local\Temp\~DFBF5B017C6F5B8EE7.TMP not found!
File\Folder C:\Users\MEACB Fam Desktop\AppData\Local\Temp\~DFCC08300E01D9FF47.TMP not found!
File\Folder C:\Users\MEACB Fam Desktop\AppData\Local\Temp\~DFEB70EE3F59305ED6.TMP not found!
File\Folder C:\Users\MEACB Fam Desktop\AppData\Local\Temp\~DFF7468FD7FEF63DAD.TMP not found!
C:\Users\MEACB Fam Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\MEACB Fam Desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




OTL logfile created on: 10/19/2012 2:18:13 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\_OTL\MovedFiles
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.98 Gb Total Physical Memory | 4.36 Gb Available Physical Memory | 72.97% Memory free
11.96 Gb Paging File | 10.32 Gb Available in Paging File | 86.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.31 Gb Total Space | 849.94 Gb Free Space | 92.45% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 1.48 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: MEACBFAMDESKTOP | User Name: MEACB Fam Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 13:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\_OTL\MovedFiles\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/17 12:24:24 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
PRC - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/06/09 07:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/06/09 07:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/23 11:16:38 | 000,136,488 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 15:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/15 13:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/10/23 14:50:28 | 000,309,760 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/03/07 17:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 15:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:50:16 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/07 05:31:02 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/07 05:07:06 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/07 05:07:06 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/23 14:50:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/04 18:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/04/22 04:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 19:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/21 06:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/04/21 06:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/04/20 19:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/23 11:17:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/13 06:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/01/18 17:40:26 | 000,004,608 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/10/17 13:03:48 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.002\ex64.sys -- (NAVEX15)
DRV - [2012/10/17 13:03:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/10/17 13:03:48 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121019.002\eng64.sys -- (NAVENG)
DRV - [2012/10/16 15:30:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121018.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 16:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/10 20:58:50 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/10/17 13:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/19 14:14:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4FA6AB-AAEC-4DAB-9708-67B1E14BAEF8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/19 13:36:56 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{032CF713-6706-4FBE-9351-7A4C157DA3A1}
[2012/10/18 15:08:58 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{20838693-2FBE-4AC1-8DCF-48D8403B4C91}
[2012/10/17 20:27:16 | 000,000,000 | ---D | C] -- C:\2bb62fecf984874382aa8dc1
[2012/10/17 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Roxio Log Files
[2012/10/17 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B6349ED2-3BED-4CB0-AFD2-6549489530F0}
[2012/10/17 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{2E621614-3817-4A43-AC9F-811EB136D6ED}
[2012/10/16 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{23A4C51B-6A16-4496-A9B1-60C4919FC2F5}
[2012/10/15 23:41:06 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{1034BE7F-EA50-4575-B569-0C2757556D23}
[2012/10/15 11:15:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/15 08:07:05 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{08669D63-1A8B-4BB4-B424-695C89C3DB84}
[2012/10/14 10:54:24 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{792061C5-E1CB-47A9-97F2-35FDD37EB362}
[2012/10/14 00:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/10/14 00:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/14 00:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/10/14 00:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/13 23:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Malware
[2012/10/13 21:49:29 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Malwarebytes
[2012/10/13 21:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/13 21:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/13 21:49:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/13 21:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/13 14:45:08 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{63AA384D-553B-4472-BF60-9A70DF3EDBE7}
[2012/10/13 01:56:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\Kobo
[2012/10/13 01:51:02 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ZinioReader4
[2012/10/13 01:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/10/13 01:21:26 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\VS Revo Group
[2012/10/13 01:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/10/13 00:29:38 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{31883C3D-FB5A-467B-8AF3-8288EB9C0192}
[2012/10/12 21:36:44 | 000,000,000 | ---D | C] -- C:\ID Vault
[2012/10/12 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\NPE
[2012/10/12 07:37:18 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{92AFC30E-490D-47F8-A34B-662B1FB5361F}
[2012/10/11 12:53:38 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{21D83205-9715-46B0-921E-971BF4974DCF}
[2012/10/11 12:49:48 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\Documents\OneNote Notebooks
[2012/10/10 20:01:04 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{0E008CF5-7F29-4429-9671-A608607FBEC0}
[2012/10/10 06:54:34 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{726B5BC4-21D0-4481-B20B-625E37C724F2}
[2012/10/09 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{52078DA1-A0D0-40D6-AA11-A388BB0E4507}
[2012/10/08 19:54:53 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{0FC9DBB8-7336-4418-8275-6286A39D1416}
[2012/10/08 07:54:30 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{A4BFB3DE-DB14-44CD-AAA0-6418EA2A1AE6}
[2012/10/07 19:37:24 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{35D6BD80-AAF1-497B-8BB7-4CC6699718FC}
[2012/10/06 09:21:58 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{3B819532-50AE-4940-94D0-ED23149C126B}
[2012/10/05 09:06:14 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{9CD3C714-06ED-4A67-8B98-A328D02DD67A}
[2012/10/04 16:36:59 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{51A1563E-80BD-43A5-9941-7317A4D2FE32}
[2012/10/03 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{07CD33FE-379E-4E64-818F-1CD4C884F0FA}
[2012/10/03 08:06:34 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{11FD3448-0873-4D2F-BB75-E181EC7E6E11}
[2012/10/02 18:40:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B7D81391-FEAA-430F-98AA-F8F9F04FF4C3}
[2012/10/02 06:28:04 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{F7369093-D213-4B08-AE47-B748E55842E3}
[2012/10/01 16:21:40 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{5080F52E-1A1F-4F73-B8D5-551B5FCB26A8}
[2012/09/30 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{CAD513A3-ADEB-4B8A-AE73-820F2FC2A144}
[2012/09/30 09:09:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{D9A77CCE-8062-4196-A668-E8E9BA94F744}
[2012/09/29 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{32578E33-2483-4379-A6EA-9199AD0A97B0}
[2012/09/28 12:31:46 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{23384781-F390-4ACC-8195-14D9185C7272}
[2012/09/27 21:43:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{9C4A0F26-7E15-450D-8387-07E2DFD7B7A2}
[2012/09/27 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{73AD0A44-CB2F-4549-BDA8-9C0FDA1C0EC7}
[2012/09/25 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{3C0F2F73-6425-40BB-98A9-ABCC1ED2432C}
[2012/09/25 06:47:05 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{DCA2DE73-CDF8-4D29-9C85-5B5A2D9663FB}
[2012/09/24 09:33:52 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{CAA36B3A-27BE-42BF-A67F-7FFFFB3AAFE5}
[2012/09/23 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{01F34754-535B-4939-91A2-FF7A461425EA}
[2012/09/23 09:58:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/22 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{FEC5BD43-AD28-4CE9-A7FB-5A192B387C90}
[2012/09/22 07:16:14 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B8C59C5E-4E13-4740-B7F6-149FB3D9CA30}
[2012/09/21 15:08:25 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{52E5FE43-8C32-4CBB-A8C8-AD82FB9B1E71}
[2012/09/20 19:10:18 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{DD5EDDF5-A423-49B8-B2D2-71430E5ACB5C}
[2012/09/20 17:15:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\Microsoft Help
[2012/09/20 17:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/20 06:44:07 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{69C7D921-4CD7-44AC-BF14-854F4D3D5E3B}
[2012/09/19 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{A96D65E8-B3B7-4F67-8F01-6D25A7023C78}
[2012/09/19 15:38:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{72656B01-D0FF-4FC1-9506-6CD8080610E0}

========== Files - Modified Within 30 Days ==========

[2012/10/19 14:16:37 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/19 14:14:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/19 14:14:27 | 521,396,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/19 13:44:06 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 13:44:06 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 13:42:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2012/10/18 22:50:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/18 22:31:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/18 21:40:21 | 000,161,214 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Documents\DBD Movie2.wlmp
[2012/10/18 00:00:07 | 000,165,376 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\SystemLook_x64.exe
[2012/10/17 22:20:19 | 000,001,513 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\dds - Shortcut.lnk
[2012/10/17 21:01:43 | 000,001,747 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\RevoUninPro - Shortcut.lnk
[2012/10/17 13:48:02 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMEACB Fam Desktop.job
[2012/10/17 13:47:53 | 000,307,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/17 13:23:08 | 000,000,971 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\OTL - Shortcut.lnk
[2012/10/17 13:22:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/17 13:07:50 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/17 13:07:50 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/17 13:07:50 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/11 17:50:44 | 001,533,240 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 020.jpg
[2012/10/11 17:49:53 | 000,000,945 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\Picture 037 - Shortcut.lnk
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/23 09:58:37 | 2126,888,244 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/10/19 13:58:45 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/10/18 22:50:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/18 15:57:35 | 001,755,122 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\002.JPG
[2012/10/18 15:45:30 | 001,528,958 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\DSCN1377.JPG
[2012/10/18 15:41:59 | 001,839,800 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Cristina TSA 2012 065.JPG
[2012/10/18 15:37:01 | 001,776,312 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Cristina TSA 2012 003.JPG
[2012/10/18 15:36:02 | 001,184,483 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\IMG_8506.JPG
[2012/10/18 15:34:27 | 022,730,328 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\124.AVI
[2012/10/18 15:30:56 | 001,352,288 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\047.JPG
[2012/10/18 15:30:51 | 001,781,130 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\037.JPG
[2012/10/18 15:29:03 | 001,750,969 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\112.JPG
[2012/10/18 15:28:43 | 001,999,311 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\158.JPG
[2012/10/18 15:28:08 | 001,844,599 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\069.JPG
[2012/10/18 15:19:07 | 001,632,881 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\539.JPG
[2012/10/18 15:17:42 | 002,008,097 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\478.JPG
[2012/10/18 15:16:59 | 002,068,651 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\463.JPG
[2012/10/18 15:15:44 | 002,111,730 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\420.JPG
[2012/10/18 15:14:38 | 002,024,335 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\331.JPG
[2012/10/17 23:59:34 | 000,165,376 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\SystemLook_x64.exe
[2012/10/17 22:20:19 | 000,001,513 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\dds - Shortcut.lnk
[2012/10/17 21:01:43 | 000,001,747 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\RevoUninPro - Shortcut.lnk
[2012/10/17 13:23:08 | 000,000,971 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\OTL - Shortcut.lnk
[2012/10/12 21:59:20 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/11 18:19:40 | 122,882,498 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 154.avi
[2012/10/11 18:19:34 | 036,580,968 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 152.avi
[2012/10/11 18:19:23 | 002,089,281 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 128.jpg
[2012/10/11 18:19:07 | 002,208,060 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 114.jpg
[2012/10/11 18:19:03 | 002,320,199 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 111.jpg
[2012/10/11 18:17:02 | 001,872,253 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 059.jpg
[2012/10/11 18:16:57 | 000,885,101 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 055.jpg
[2012/10/11 18:16:49 | 001,141,104 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 036.jpg
[2012/10/11 18:16:19 | 000,939,057 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 028.jpg
[2012/10/11 18:16:04 | 000,972,686 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 014.jpg
[2012/10/11 18:15:50 | 001,949,389 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\GSCamp 2011 164.jpg
[2012/10/11 18:04:09 | 001,561,828 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 557.jpg
[2012/10/11 18:04:00 | 001,547,854 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 487.jpg
[2012/10/11 18:03:41 | 004,541,742 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 430.MOV
[2012/10/11 18:03:27 | 001,423,044 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 411.jpg
[2012/10/11 18:03:10 | 001,506,615 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 358.jpg
[2012/10/11 18:02:51 | 001,533,682 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 328.jpg
[2012/10/11 18:02:44 | 001,543,713 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 298.jpg
[2012/10/11 17:57:49 | 001,545,214 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 262.jpg
[2012/10/11 17:57:45 | 001,512,136 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 267.jpg
[2012/10/11 17:57:33 | 001,471,182 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 233.jpg
[2012/10/11 17:57:29 | 001,557,870 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 225.jpg
[2012/10/11 17:57:25 | 001,534,319 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 224.jpg
[2012/10/11 17:57:18 | 001,543,210 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 180.jpg
[2012/10/11 17:57:07 | 001,499,299 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 179.jpg
[2012/10/11 17:57:01 | 014,050,336 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 175.MOV
[2012/10/11 17:56:55 | 010,965,992 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 174.MOV
[2012/10/11 17:56:22 | 001,544,011 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 146.jpg
[2012/10/11 17:56:12 | 001,523,183 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 142.jpg
[2012/10/11 17:51:17 | 001,495,507 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 039.jpg
[2012/10/11 17:51:00 | 001,564,827 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 032.jpg
[2012/10/11 17:50:43 | 001,533,240 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 020.jpg
[2012/10/11 17:50:25 | 001,525,391 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 015.jpg
[2012/10/11 17:50:17 | 001,512,477 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 010.jpg
[2012/10/11 17:50:09 | 002,169,412 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 115.MOV
[2012/10/11 17:49:59 | 003,644,872 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 037.MOV
[2012/10/11 17:49:53 | 000,000,945 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\Picture 037 - Shortcut.lnk
[2012/10/11 17:44:03 | 002,104,812 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 072.MOV
[2012/10/11 15:41:08 | 000,161,214 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\DBD Movie2.wlmp
[2012/09/23 09:58:37 | 2126,888,244 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/29 11:05:04 | 000,100,344 | ---- | C] () -- C:\Windows\HPBroker.dll
[2011/12/31 13:05:25 | 000,000,089 | ---- | C] () -- C:\Users\MEACB Fam Desktop\AppData\Local\msmathematics.qat.MEACB Fam Desktop
[2011/12/07 05:31:53 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/07/24 15:50:36 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/21 02:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 11:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/31 12:46:46 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Blio
[2012/10/17 13:53:11 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ID Vault
[2012/10/13 19:42:43 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\SoftGrid Client
[2012/01/04 22:28:32 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\TP
[2012/02/21 10:00:46 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\WinBatch
[2012/01/04 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Windows Live Writer
[2012/10/13 01:51:02 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ZinioReader4

========== Purity Check ==========



< End of report >

Re: Contracted iLivid and other malware

Unread postby askey127 » October 19th, 2012, 6:12 pm

English,
Looks pretty good.
If you want to help protect yourself going forward, installing a HOSTS file will help.
It basically blocks thousands of known malicious web sites from accidentally connecting.
---------------------------------------------------------------
Disable DNS Client Service. This is necessary when installing a large HOSTS file.
From Start, or Start, Run
Type services.msc in the box and hit <Enter>
Give permission to continue if necessary.
Scroll down to DNS Client on the list, Right Click it and choose Properties.
Under Service Status, click Stop. Wait until it reports the service stopped.
Under Startup Type, choose Disabled.
Then click Apply, OK

If this part was successful, then proceed:
-------------------------------------------------------------
Use HostsXpert to Install the HOSTS File
Download HostsXpert and unzip it to your computer, somewhere where you can find it.
  • Right click on HostsXpert.exe and "Run as administrator".
  • Check to see if top button on left hand side says Make Writable ?
    • If it does, click on it once, then proceed to the next instruction. (When you click, the label will change to Make Read Only)
    • If it already says Make Read Only, just proceed to next instruction
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished:
    • Click on File Handling button.
    • Click on Make Read Only ? once, to secure it against infection. (When you click, the label will change to Make Writable?)
  • Exit the program.

If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
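Once the blocklist HOSTS file is installed and made read-only, it is worth confirming that the file really contains only block entries. The script below is an added example, not part of askey127's instructions and not HostsXpert's code: it parses a HOSTS file, counts sinkhole entries (0.0.0.0 or loopback), flags any hostname pointed at some other address (the way a HOSTS file gets hijacked rather than used to block), and reports whether the file's read-only bit is set. The sample file, its `.invalid` names and the TEST-NET address are constructed.

```python
"""Audit a Windows HOSTS file after a blocklist (such as the MVPS list) has been installed.

Added example, not part of the original thread and not HostsXpert's own code.
Every active entry is classified per hostname: the default localhost lines,
sinkhole entries (0.0.0.0 / loopback) that block a site, or anything else,
which redirects a real name to some other address and deserves a look.
"""
import ipaddress
import stat
import sys
from pathlib import Path

DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the stock Windows 7 header plus a few blocklist-style
# lines, one hijack-style line and one malformed line. .invalid names and a
# TEST-NET-2 address are used so nothing here is a real site.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1 localhost
0.0.0.0 ad.tracker.invalid
0.0.0.0 malware-dropper.invalid
127.0.0.1 another-badsite.invalid
198.51.100.7 update.antivirus.invalid
bogus line
"""


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every non-comment, non-blank line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Classify each entry and return counts plus the lines worth a second look."""
    report = {"default": 0, "blocked": 0, "redirects": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((line_no, addr))
            continue
        if not names:
            report["malformed"].append((line_no, addr))
            continue
        sinkhole = ip.is_unspecified or ip.is_loopback
        for name in names:
            if name.lower() in DEFAULT_NAMES:
                report["default"] += 1
            elif sinkhole:
                report["blocked"] += 1
            else:
                # A real hostname pointed somewhere other than loopback or
                # 0.0.0.0 is how a HOSTS file gets abused, not how it blocks.
                report["redirects"].append((line_no, addr, name))
    return report


def is_read_only(path):
    """True when the owner write bit is clear (on Windows, the Read-only attribute)."""
    return not (Path(path).stat().st_mode & stat.S_IWUSR)


def main(argv):
    if len(argv) > 1:
        path = Path(argv[1])
        text = path.read_text(encoding="utf-8", errors="replace")
        print(f"{path}: read-only = {is_read_only(path)}")
    else:
        text = SAMPLE_HOSTS
    report = audit_hosts(text)
    print(f"default entries: {report['default']}, blocked names: {report['blocked']}")
    for line_no, addr, name in report["redirects"]:
        print(f"line {line_no}: {name} -> {addr}  (redirect, inspect this)")
    for line_no, addr in report["malformed"]:
        print(f"line {line_no}: unparseable address {addr!r}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no argument to see the constructed sample, or pass `C:\Windows\System32\drivers\etc\hosts` to audit the installed file.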

Re: Contracted iLivid and other malware

Unread postby EnglishSettlement » October 22nd, 2012, 4:48 pm

askey127,

I followed your Rx and am using HostsXpert, which sounds like the last step I need to take, except I just remembered:

On 10/18 you advised "Anything showing in the C:\OTL\Moved Files\ folder is already quarantined and will be removed later.

(If you hit the Clean Up button in OTL when you are really all done, it removes the quarantined items and most of our tools)."

So, doing that now, it requires a reboot. I'll be back with a final follow-up.

Re: Contracted iLivid and other malware

Unread postby EnglishSettlement » October 22nd, 2012, 5:27 pm

Askey127,

It looks like that OTL Cleanup deleted some OTL logs that I'd saved on the Desktop, so I guess it worked as planned. I was going to do some cleaning up of my own, removing the remnant logs of all this work: Extras, SystemLook, dds, attach & the OTL runfix txt files, or should I save them in a folder for future reference if needed?

Although I've said thanks many times over the course of these postings, it really seems an insufficient way of expressing my true gratitude for all you've done: the time you've spent poring over my logs, typing replies and instructions, and in the process, educating me. This computer isn't even a year old, and I was dismayed when this happened. It fueled my paranoia that "evildoers" lurk the internet, subverting its usefulness and preying upon the unwitting clicker, in this case, my kid. It's regrettable that Google and other search engines aren't more vigilant about blocking malware sites from coming up in search results. Maybe they don't care, they get their one cent per click, regardless.

All that said, you single-handedly partially restored my faith in humankind (partially, only because I know bad guys are still out there), by demonstrating benevolent altruism toward the ignorant (me) and unselfishly taking up my cause and helping. In so doing, you make the world a better place. I too try to practice altruism, and will pass along your good deed at the next opportunity in whichever way I can, thinking of you in the process. That's a verbose and well-intended way of simply saying THANKS! May that warm feeling of satisfaction from anonymously doing a good thing flare up nice and cozy sometime in January when it's freezing in New Hampshire!

Best wishes,

EnglishSettlement

Re: Contracted iLivid and other malware

Unread postby askey127 » October 23rd, 2012, 7:44 am

Thank you for the kind words!

Since it looks like we have this resolved, this thread will be closed.