TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Dale on July 16, 2012, 08:19:26 PM

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on July 16, 2012, 08:19:26 PM

Hi,

This is my granddaughter's laptop and it's running Windows 7, which I've only used rarely.

Her mom said it has a virus and I volunteered to look at it.  I'm not really sure what's wrong, if anything, but for sure the antivirus software seems off as is the firewall and I'm not sure what to do about it.

I'd sure appreciate some help.

Thank you,
Dale

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:32:18 PM, on 7/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:55414
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SelectRebates] "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Allmyapps] "C:\Program Files (x86)\Allmyapps\AllmyappsNotifier.exe" startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe

--
End of file - 12113 bytes

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on July 18, 2012, 06:44:13 AM

Sorry for the delay, my time on the computer is limited.
But if you need a hand, I'll try posting back as soon as I can
Let's first do the following please
Download [color="#FF0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.

• Right click on OTL.exe and choose to "Run as Administrator"
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
  

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on July 18, 2012, 06:11:47 PM

I really appreciate your help!!!
Dale

OTL logfile created on: 7/18/2012 6:16:04 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.17% Memory free
5.86 Gb Paging File | 4.32 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 220.39 Gb Free Space | 77.65% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.67 Mb Free Space | 93.29% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/18 18:15:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/09/12 18:54:12 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/12 18:54:09 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/09/12 18:54:13 | 002,557,952 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
MOD - [2010/11/01 15:15:10 | 000,177,616 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SRebates.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/22 13:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 13:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 13:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/16 19:53:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/12 18:54:12 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 17:31:32 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/05/18 17:31:30 | 000,056,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 20:45:00 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE:64bit: - HKLM\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE - HKLM\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE - HKCU\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8A545E97-23B7-4001-A81E-49EF4CF39D3B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3CD624F5-3826-4C1C-8FB5-FF0A33E47B0B&apn_sauid=B589FEC6-F141-4D65-8428-AF07E8C7B29E
IE - HKCU\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55414
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 14:41:23 | 000,000,000 | ---D | M]
 
[2012/06/24 19:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/10 14:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011/10/09 15:14:20 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [Allmyapps] C:\Program Files (x86)\Allmyapps\AllmyappsNotifier.exe (Allmyapps)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA37FA0-BDA4-4A53-BCF9-27A325F26A3D}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\_avp32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\_avpcc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\_avpm.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\~1.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\~2.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\a.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\aAvgApi.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AAWTray.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\About.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ackwin32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\adaware.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\Ad-Aware.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\advxdwin.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AdwarePrj.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\agent.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\agentsvr.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\agentw.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\alertsvc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\alevir.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\alogserv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AlphaAV: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AlphaAV.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AluSchedulerSvc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\amon9x.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AntispywarXP2009.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\anti-trojan.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\Anti-Virus Professional.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\antivirus.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AntiVirus_Pro.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AntivirusPlus: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AntivirusPlus.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AntivirusPro_2010.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AntivirusXP: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AntivirusXP.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\antivirusxppro2009.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ants.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\apimonitor.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\aplica32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\apvxdwin.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\arr.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashAvast.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashBug.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashChest.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashCnsnt.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashDisp.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashLogV.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashMaiSv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashPopWz.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashQuick.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashServ.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashSimp2.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashSimpl.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashSkPcc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashSkPck.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashUpd.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ashWebSv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\aswChLic.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\aswRegSvr.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\aswRunDll.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\aswUpdSv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\atcon.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\atguard.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\atro55en.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\atupdater.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\atwatch.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\au.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\aupdate.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\autodown.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\auto-protect.nav80try.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\autotrace.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\autoupdate.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\av360.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avadmin.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avastSvc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avastUI.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AVCare.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avcenter.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avciman.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avconfig.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avconsol.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ave32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AVENGINE.EXE: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgcc32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgchk.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgcmgr.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgcsrvx.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgctrl.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgdumpx.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgemc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgiproxy.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgnsx.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgnt.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgrsx.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgscanx.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgserv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgserv9.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgsrmax.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgtray.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avguard.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgui.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgupd.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgw.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avgwdsvc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avkpop.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avkserv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avkservice.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avkwctl9.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avltmain.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avmailc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avmcdlg.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avnotify.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avnt.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avp32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avpcc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avpdos32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avpm.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avptc32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avpupd.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avsched32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avshadow.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avsynmgr.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avupgsvc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AVWEBGRD.EXE: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avwin.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avwin95.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avwinnt.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avwsc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avwupd.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avwupd32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avwupsrv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avxmonitor9x.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avxmonitornt.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avxquar.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\b.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\backweb.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bargains.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bd_professional.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bdfvcl.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bdfvwiz.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\BDInProcPatch.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bdmcon.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\BDMsnScan.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\BDSurvey.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\beagle.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\belt.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bidef.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bidserver.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bipcp.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bipcpevalsetup.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bisp.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\blackd.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\blackice.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\blink.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\blss.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bootconf.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bootwarn.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\borg2.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\brasil.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\brastk.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\brw.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bs120.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bspatch.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bundle.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bvt.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\c.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cavscan.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ccapp.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ccevtmgr.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ccpxysvc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ccSvcHst.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cdp.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfd.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfgwiz.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfiadmin.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfiaudit.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfinet.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfinet32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfp.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfpconfg.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfplogvw.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cfpupdat.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\claw95.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\claw95cf.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\clean.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cleaner.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cleaner3.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cleanIELow.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cleanpc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\click.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cmd32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cmdagent.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cmesys.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cmgrdian.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cmon016.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\connectionmonitor.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\control: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cpd.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cpf9x206.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cpfnt206.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\crashrep.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\csc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cssconfg.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cssupdat.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cssurf.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ctrl.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cwnb181.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cwntdwmo.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\d.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\datemanager.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dcomx.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\defalert.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\defscangui.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\defwatch.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deloeminfs.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deputy.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\divx.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dllcache.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dllreg.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\doors.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dop.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dpf.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dpfsetup.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dpps2.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\driverctrl.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\drwatson.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\drweb32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\drwebupw.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dssagent.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dvp95.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dvp95_0.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ecengine.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\efpeadm.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\emsw.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ent.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\esafe.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\escanhnt.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\escanv95.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\espwatch.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\ethereal.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\etrustcipe.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\evpn.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\exantivirus-cnet.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\exe.avxw.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\expert.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\explore.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fact.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\f-agnt95.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fameh32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fast.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fch32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fih32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\findviru.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\firewall.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fixcfg.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fixfp.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fnrb32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fprot.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\f-prot.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\f-prot95.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fp-win.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fp-win_trial.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\frmwrk32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\frw.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsaa.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsav.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsav32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsav530stbyb.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsav530wtbyb.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsav95.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsgk32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsm32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsma32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\fsmb32.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\f-stopw.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\gator.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\gav.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\gbmenu.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\gbn976rl.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\gbpoll.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\generics.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\gmt.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\guard.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\guarddog.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\guardgui.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\guardxkickoff.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\hacktracersetup.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\hbinst.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\hbsrv.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\History.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\homeav2010.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\hotactio.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\hotpatch.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\htlog.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\htpatch.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit:[/b

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on July 18, 2012, 10:26:57 PM

Download ComboFix from the following location

[color="#0000FF"]Link 1[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")
Save it ONLY to your Desktop

      --------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

Double click on ComboFix.exe & follow the prompts.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on July 19, 2012, 06:49:58 AM

I'd hoped to be able to post the log from ComboFix before I went to work but the things been running now for over 20 minutes (maybe 30), and I need to go to work.  What should I do if it is still stuck when I get home tonight?  Reboot and try again?

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on July 19, 2012, 06:51:16 AM

I meant to mention that it says it has completed stage_1 thru stage_4 so far.

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on July 19, 2012, 09:15:48 PM

I tried multiple times to get ComboFix to run to completion but it never would.  I waited all day and at least 60 minutes a try and it got stuck on step 4, all but once, which was the time I tried running it as an administrator.  That time it got to step 6a and got stuck.

I reran OldTimer in case you could clean something from whatever Combofix may have done to the system.

Here's the latest logs.

Dale

OTL logfile created on: 7/19/2012 9:17:04 PM - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 60.40% Memory free
5.86 Gb Paging File | 4.59 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 219.95 Gb Free Space | 77.49% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.67 Mb Free Space | 93.29% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/18 18:15:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/09/12 18:54:12 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/12 18:54:09 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/09/12 18:54:13 | 002,557,952 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/22 13:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 13:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 13:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/19 18:11:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/12 18:54:12 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 17:31:32 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/05/18 17:31:30 | 000,056,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 20:45:00 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE:64bit: - HKLM\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE - HKLM\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE - HKCU\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8A545E97-23B7-4001-A81E-49EF4CF39D3B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3CD624F5-3826-4C1C-8FB5-FF0A33E47B0B&apn_sauid=B589FEC6-F141-4D65-8428-AF07E8C7B29E
IE - HKCU\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55414
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 14:41:23 | 000,000,000 | ---D | M]
 
[2012/06/24 19:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/10 14:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011/10/09 15:14:20 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [Allmyapps] C:\Program Files (x86)\Allmyapps\AllmyappsNotifier.exe (Allmyapps)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA37FA0-BDA4-4A53-BCF9-27A325F26A3D}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/19 20:20:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/19 06:19:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/19 06:19:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/19 06:19:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/19 06:19:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/19 06:18:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/19 06:18:46 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/19 06:18:01 | 004,582,475 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/07/18 18:15:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/07/16 20:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/07/16 20:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/07/16 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/07/16 20:03:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\HP Support Assistant
[2012/07/16 19:58:36 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/16 19:58:36 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/16 19:58:36 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/16 19:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/16 19:45:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/16 19:45:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/16 19:45:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/16 19:45:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/16 19:45:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/16 19:45:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/16 19:45:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/16 19:45:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/16 19:45:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/16 19:45:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/16 19:45:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/16 19:45:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/16 19:45:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/16 19:44:18 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/16 19:44:17 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/16 19:44:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/16 19:44:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/16 19:44:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/06/24 18:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SelectRebates
[2012/06/24 17:57:08 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/24 17:53:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2012/06/24 17:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
[2012/06/24 17:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minecraft
[2012/06/24 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Allmyapps
[2012/06/24 17:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allmyapps
[2012/06/24 17:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Allmyapps
[2012/06/24 17:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Allmyapps
[2012/06/23 17:42:45 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 17:42:45 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 17:42:45 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 17:42:35 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 17:42:35 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 17:42:35 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 17:42:23 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 17:42:23 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/19 21:22:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 21:22:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 21:17:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/19 21:14:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/19 21:14:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/19 21:14:36 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/19 20:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/19 20:14:51 | 009,372,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/19 20:14:51 | 003,177,474 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/19 20:14:51 | 000,005,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/19 18:16:38 | 004,582,475 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/07/19 18:11:44 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/19 18:11:44 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/18 18:15:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/07/16 20:27:36 | 000,002,975 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/07/16 20:16:51 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/07/16 19:51:14 | 000,386,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/28 20:23:50 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/06/28 20:23:46 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/28 20:20:51 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/28 20:20:48 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/28 20:20:42 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/24 18:18:07 | 000,000,683 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\result.db
[2012/06/24 17:45:49 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Allmyapps.lnk
 
========== Files Created - No Company Name ==========
 
[2012/07/19 06:19:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/19 06:19:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/19 06:19:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/19 06:19:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/19 06:19:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/16 20:27:36 | 000,002,975 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/07/16 20:16:51 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/06/24 18:18:07 | 000,000,683 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\result.db
[2012/06/24 17:57:12 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/24 17:45:47 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Allmyapps.lnk
[2011/07/22 23:02:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{9BF6F044-92E8-4479-9960-7329C633FB9D}
[2011/06/22 01:10:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{924F3980-0A8F-49FA-9233-0400E3DADE29}
[2010/08/14 20:56:27 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 705 bytes -> C:\Users\Owner\Desktop\PAP_test.eml:OECustomProperty

< End of report >










OTL Extras logfile created on: 7/18/2012 6:16:04 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.17% Memory free
5.86 Gb Paging File | 4.32 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 220.39 Gb Free Space | 77.65% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.67 Mb Free Space | 93.29% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{054847F1-65F2-4D93-A62F-55CD944F50F5}" = rport=445 | protocol=6 | dir=out | app=system |
"{06804A3B-CC10-40BA-A40F-B453D5FBBC95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0CC7ED60-0960-4161-9ACD-2B73687B0982}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{16327044-0998-4312-91A0-62B860577ECA}" = lport=137 | protocol=17 | dir=in | app=system |
"{1A0B6FAE-C098-499E-985F-378E915AE36C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28739C60-3EEE-4092-BF6F-6EB0DB758D0E}" = rport=137 | protocol=17 | dir=out | app=system |
"{2FF9D5D5-2C36-47FE-98DA-E49F6856632E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D0D5FE4-47A5-4E38-A7DB-76F03FD07E05}" = rport=139 | protocol=6 | dir=out | app=system |
"{41645D42-0851-4B85-94B8-771EA38D7DB6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47387814-318A-4AB9-8834-B6663FDF44AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{570DD558-C902-4D6A-BEB0-1DBCE905B058}" = rport=10243 | protocol=6 | dir=out | app=system |
"{580CF592-C434-42D6-B1BB-E58DAEF2182B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65C0E7B8-5C06-4A56-B901-788665F31C5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EA5971E-9213-43FA-94E7-7E7FC8AFDAC5}" = rport=138 | protocol=17 | dir=out | app=system |
"{70A22E80-BEEF-432C-B178-FE8C7BF94D47}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8A7880DA-E2D7-4F8D-8A7E-CEF478BE1E4F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9AD23BD2-2A64-490D-860A-410AC42F290F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6E83905-4B16-4335-9DEC-CB49457F7FE2}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7BB5C9D-25DF-4AC9-9BED-546EA08F6BAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C06E54FE-674A-43CB-B44B-7CECD3A7C2D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C48DC9CE-7A81-4403-B4F3-9561B8C536BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5B2C555-F8CC-406E-84E5-184E53C7656E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAB117B7-B741-4AE2-BDD6-1E77B41D85D3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CDDC081C-E1C6-41D7-A99F-768176096EAA}" = lport=138 | protocol=17 | dir=in | app=system |
"{EDEE7AA2-13BF-45B3-96DD-7FFF62ABA8B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033265D3-6EA6-4E5B-B2EC-8CFF5FE77B6C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{049FFA53-E471-4C06-AAFE-51EFEA3CB5CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0CECB5A3-0CB8-43E9-9004-5C94FA70D9FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10B4103C-7CC1-4323-994C-6F5819AADF11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1745F285-2776-450E-A244-AC508AC3F6A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1AF6E58A-69F8-4D16-A64C-FE177AD6FCA4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{25585EC5-A380-45EE-BA64-AB1383405668}" = protocol=58 | dir=out | [email protected],-28546 |
"{321E2DB2-93B6-4CF8-BABB-A6C0288C5B9E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3A108129-04B1-4E50-9A10-18D508CB62DF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{40D6FCBB-D307-47BF-900C-9FC1ABA83E7B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{47BFDA4B-B9CE-46DE-B1B6-7C47D5BA2E65}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4E930AC6-DEF8-4DCA-863D-6DF5653C1A7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CC0F3C9-5A04-42DA-AAC9-5C3605447BC1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6647ED6B-966E-4C7C-9117-61D4A08D8066}" = protocol=1 | dir=in | [email protected],-28543 |
"{6B5E66D2-34AC-463E-AD87-A5569A8A06A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{801980B0-0FA5-4E86-B32F-A25583959BB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{895CCEA7-61E9-4C24-A1E9-D5530308C796}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{89C9B58B-112C-4192-9CAF-4910910E50E5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{92913B3E-2613-4DE3-BDB7-C6AE29FF626C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9984BC29-E3EE-44FA-904B-A27793AC4C89}" = protocol=58 | dir=in | [email protected],-28545 |
"{A8628E54-4C1B-49E5-9854-D9C09D1C021A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF624B07-2E0F-4E2A-A643-8947511F0C13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8E8BE7F-F3AF-480A-9496-0FFD3C9260F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFE92435-CCA0-4C25-A7F7-62F06BD215FC}" = protocol=1 | dir=out | [email protected],-28544 |
"{D47AF400-36F3-42C4-A641-902703F8D8E2}" = protocol=6 | dir=out | app=system |
"{DE515D2F-D07C-4C82-9FAB-86646EA94DE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E14E2A1A-6266-4980-9182-2E286A6E6CB4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3DE8576-485E-4DCD-88D3-5FBABBDB251D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"TCP Query User{2D2AD786-9A8B-49DA-9D92-346744C38063}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{A93A2DA5-D03D-490D-B08F-6A0C3FFC40E5}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}" = Garmin Communicator Plugin x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allmyapps" = Allmyapps
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Minecraft_is1" = Minecraft version 1.2.3
"My HP Game Console" = HP Game Console
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Webroot Software" = Webroot Software
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on July 19, 2012, 09:17:46 PM

FYI I meant gleen something up above, not clean.   /rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' />

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on July 19, 2012, 09:34:27 PM

Shouldn't take longer than 5 to 10 minutes to get past stage 4, Can you try running ComboFix in Safe mode and see what happens please

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on July 20, 2012, 05:54:26 AM

Took me several tries, but I got her system to restart in safe mode, and ComboFix must have ran and rebooted okay when I did because when I came back to her system 30 minutes later the log file was open on the desktop.  I rebooted again - to get network support, and the log appears below.

Thanks you!

ComboFix 12-07-19.02 - Owner 07/20/2012   5:47.5.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3003.1810 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SelectRebates
c:\program files (x86)\SelectRebates\FFToolbar\chrome.manifest
c:\program files (x86)\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files (x86)\SelectRebates\FFToolbar\install.rdf
c:\program files (x86)\SelectRebates\SahImages\alert.png
c:\program files (x86)\SelectRebates\SahImages\check.png
c:\program files (x86)\SelectRebates\SahImages\close.png
c:\program files (x86)\SelectRebates\SelectAlerts.dat
c:\program files (x86)\SelectRebates\SelectRebates.exe
c:\program files (x86)\SelectRebates\SelectRebates.ini
c:\program files (x86)\SelectRebates\SelectRebatesA.dat
c:\program files (x86)\SelectRebates\SelectRebatesApi.exe
c:\program files (x86)\SelectRebates\SelectRebatesB.dat
c:\program files (x86)\SelectRebates\SelectRebatesBT.dat
c:\program files (x86)\SelectRebates\SelectRebatesDownload.exe
c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
c:\program files (x86)\SelectRebates\SRebates.dll
c:\program files (x86)\SelectRebates\SRFF3.dll
c:\program files (x86)\SelectRebates\Toolbar\AddtoList.bmp
c:\program files (x86)\SelectRebates\Toolbar\basis.xml
c:\program files (x86)\SelectRebates\Toolbar\Basis.xml.dym
c:\program files (x86)\SelectRebates\Toolbar\Blank.bmp
c:\program files (x86)\SelectRebates\Toolbar\CashBack.bmp
c:\program files (x86)\SelectRebates\Toolbar\Coupons.bmp
c:\program files (x86)\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files (x86)\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files (x86)\SelectRebates\Toolbar\icons.bmp
c:\program files (x86)\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files (x86)\SelectRebates\Toolbar\logo.bmp
c:\program files (x86)\SelectRebates\Toolbar\logo_24.bmp
c:\program files (x86)\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files (x86)\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files (x86)\SelectRebates\Toolbar\RightControls.dym
c:\program files (x86)\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files (x86)\SelectRebates\Toolbar\Scissors.bmp
c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{012BB8F2-185A-4BC9-9899-E261EAF8A16C}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8303B53C-861E-4002-BCF1-CA8559EFC158}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90F2694C-3F88-4EAA-919F-B783B54BD12D}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D794886A-082D-4CCD-88EE-898CEA72B565}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE10E8E3-A17E-42B4-9480-5A73CA763233}.xps
c:\users\Owner\AppData\Roaming\result.db
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-20 to 2012-07-20  )))))))))))))))))))))))))))))))
.
.
2012-07-20 10:54 . 2012-07-20 10:54   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-07-17 01:27 . 2012-07-17 01:27   388096   ----a-r-   c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-17 01:27 . 2012-07-17 01:27   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-07-17 01:14 . 2012-07-17 01:14   --------   d-----w-   c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-07-17 01:03 . 2012-07-17 01:03   --------   d-----w-   c:\users\Owner\AppData\Roaming\HP Support Assistant
2012-07-17 00:57 . 2012-07-17 00:57   --------   d-----w-   c:\programdata\McAfee
2012-07-17 00:48 . 2012-06-12 03:08   3148800   ----a-w-   c:\windows\system32\win32k.sys
2012-07-17 00:44 . 2012-06-09 05:43   14172672   ----a-w-   c:\windows\system32\shell32.dll
2012-06-24 22:57 . 2012-07-19 23:11   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 22:53 . 2012-06-24 22:53   --------   d-----w-   c:\users\Owner\AppData\Roaming\.minecraft
2012-06-24 22:53 . 2012-06-24 22:53   --------   d-----w-   c:\program files (x86)\Minecraft
2012-06-24 22:45 . 2012-06-24 22:46   --------   d-----w-   c:\users\Owner\AppData\Roaming\Allmyapps
2012-06-24 22:45 . 2012-07-19 23:15   --------   d-----w-   c:\program files (x86)\Allmyapps
2012-06-24 22:45 . 2012-07-20 10:32   --------   d-----w-   c:\programdata\Allmyapps
2012-06-23 22:42 . 2012-06-02 22:19   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-23 22:42 . 2012-06-02 22:19   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-23 22:42 . 2012-06-02 22:19   44056   ----a-w-   c:\windows\system32\wups2.dll
2012-06-23 22:42 . 2012-06-02 22:15   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-23 22:42 . 2012-06-02 22:19   38424   ----a-w-   c:\windows\system32\wups.dll
2012-06-23 22:42 . 2012-06-02 22:19   701976   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-23 22:42 . 2012-06-02 22:15   99840   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-23 22:42 . 2012-06-02 20:19   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-23 22:42 . 2012-06-02 20:15   36864   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-23 02:23 . 2012-05-31 04:04   9013136   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{825F2EBE-314B-44BC-94D1-D15DB1ECEE0D}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 23:11 . 2011-12-10 03:06   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 00:46 . 2010-08-15 01:41   59701280   ----a-w-   c:\windows\system32\MRT.exe
2012-06-29 01:23 . 2012-06-10 19:14   476976   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
2012-06-29 01:23 . 2010-08-15 01:38   472880   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-17 04:50   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-17 04:50   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-17 04:50   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-17 04:51   209920   ----a-w-   c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-17 04:49   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-17 04:52   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-17 04:52   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-17 04:52   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-17 04:49   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-17 04:49   140288   ----a-w-   c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-17 04:49   1462272   ----a-w-   c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-17 04:49   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-17 04:49   1158656   ----a-w-   c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-17 04:49   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31   1514152   ----a-w-   c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"Allmyapps"="c:\program files (x86)\Allmyapps\AllmyappsNotifier.exe" [2012-07-19 861688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"WebrootTrayApp"="c:\program files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [2011-09-12 1382984]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10   35696   ----a-w-   c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 136176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-15 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2011-05-18 56408]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-09-12 3381184]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 1088544]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 23:11]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 20:09]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 20:09]
.
2012-07-20 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-24 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:55414
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SelectRebates - c:\program files (x86)\SelectRebates\SelectRebates.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,
   1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1b,b7,e9,2d,f6,f7,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
.
**************************************************************************
.
Completion time: 2012-07-20  06:03:25 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-20 11:03
.
Pre-Run: 236,190,289,920 bytes free
Post-Run: 237,718,196,224 bytes free
.
- - End Of File - - EC1241C71C440495B3ED95838C5E530E

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on July 22, 2012, 06:50:02 AM

very sorry for the delay, can you reopen OTL.exe and run a fresh Scan
Only one log will be produced when it's complete, can you post it's contents please

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on July 22, 2012, 07:23:57 AM

I'm running OTL right now and will post the log as soon as I can.

Just FYI, I'm going to be out of pocket after today for a week.  When I said I'd "fix" the PC, I told them they couldn't be in a hurry, so...  Assuming we aren't done with it today, and that they don't want it back today before I go, I'll pick back up on this a week from Monday.  But I have all day today.  At a minimum, I'll get the OTL log posted as soon as it finishes running on her PC.

Dale

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on July 22, 2012, 07:27:04 AM

Wow, it ran faster than I expected.  :-)

Here's the log.

Thank you again for your help on this.

Dale

OTL logfile created on: 7/22/2012 7:34:38 AM - Run 3
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 61.92% Memory free
5.86 Gb Paging File | 4.36 Gb Available in Paging File | 74.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 222.38 Gb Free Space | 78.35% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.67 Mb Free Space | 93.29% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/18 18:15:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/09/12 18:54:12 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/12 18:54:09 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/09/12 18:54:13 | 002,557,952 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/22 13:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 13:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 13:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/19 18:11:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/12 18:54:12 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 17:31:32 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/05/18 17:31:30 | 000,056,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 20:45:00 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE:64bit: - HKLM\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE - HKLM\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE - HKCU\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8A545E97-23B7-4001-A81E-49EF4CF39D3B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3CD624F5-3826-4C1C-8FB5-FF0A33E47B0B&apn_sauid=B589FEC6-F141-4D65-8428-AF07E8C7B29E
IE - HKCU\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55414
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 14:41:23 | 000,000,000 | ---D | M]
 
[2012/06/24 19:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/10 14:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2012/07/20 05:56:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [Allmyapps] C:\Program Files (x86)\Allmyapps\AllmyappsNotifier.exe (Allmyapps)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA37FA0-BDA4-4A53-BCF9-27A325F26A3D}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/20 06:03:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/20 05:56:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/19 06:19:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/19 06:19:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/19 06:19:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/19 06:19:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/19 06:18:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/19 06:18:01 | 004,582,475 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/07/18 18:15:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/07/16 20:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/07/16 20:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/07/16 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/07/16 20:03:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\HP Support Assistant
[2012/07/16 19:58:36 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/16 19:58:36 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/16 19:58:36 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/16 19:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/16 19:45:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/16 19:45:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/16 19:45:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/16 19:45:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/16 19:45:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/16 19:45:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/16 19:45:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/16 19:45:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/16 19:45:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/16 19:45:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/16 19:45:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/16 19:45:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/16 19:45:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/16 19:44:18 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/16 19:44:17 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/16 19:44:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/16 19:44:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/16 19:44:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/06/24 17:57:08 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/24 17:53:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2012/06/24 17:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
[2012/06/24 17:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minecraft
[2012/06/24 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Allmyapps
[2012/06/24 17:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allmyapps
[2012/06/24 17:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Allmyapps
[2012/06/24 17:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Allmyapps
[2012/06/23 17:42:45 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 17:42:45 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 17:42:45 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 17:42:35 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 17:42:35 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 17:42:35 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 17:42:23 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 17:42:23 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/22 07:36:54 | 009,385,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 07:36:54 | 003,182,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/22 07:36:54 | 000,005,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 07:34:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 07:34:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 07:33:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 07:33:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 07:33:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/20 06:07:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/20 06:07:00 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 05:56:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/20 05:33:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/07/19 18:16:38 | 004,582,475 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/07/19 18:11:44 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/19 18:11:44 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/18 18:15:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/07/16 20:27:36 | 000,002,975 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/07/16 20:16:51 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/07/16 19:51:14 | 000,386,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/28 20:23:50 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/06/28 20:23:46 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/28 20:20:51 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/28 20:20:48 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/28 20:20:42 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/24 17:45:49 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Allmyapps.lnk
 
========== Files Created - No Company Name ==========
 
[2012/07/19 21:27:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/07/19 06:19:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/19 06:19:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/19 06:19:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/19 06:19:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/19 06:19:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/16 20:27:36 | 000,002,975 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/07/16 20:16:51 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/06/24 17:57:12 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/24 17:45:47 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Allmyapps.lnk
[2011/07/22 23:02:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{9BF6F044-92E8-4479-9960-7329C633FB9D}
[2011/06/22 01:10:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{924F3980-0A8F-49FA-9233-0400E3DADE29}
[2010/08/14 20:56:27 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 705 bytes -> C:\Users\Owner\Desktop\PAP_test.eml:OECustomProperty

< End of report >

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on July 27, 2012, 06:49:41 AM

Sorry for the late reply Dale. I won't have access to my computer till next Thursday
I'll check back to see if your still in need of a hand.... Again, I apologize... Later

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 02, 2012, 06:38:46 AM

I could still use your help.   /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on August 02, 2012, 12:02:45 PM

hi again Dale, can you please do the following
Run a Scan with OTL again, post the new log that opens
We'll take it from there... I should be around a lot more for the next couple weeks

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 02, 2012, 01:19:33 PM

I can do that, but I have done nothing with this system (other than to turn it off) since I posted the last scan...

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 02, 2012, 01:20:42 PM

I meant to say, I can do that (post another OTL log) when I get home later today.  :-)

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 02, 2012, 05:24:49 PM

Here's a fresh OTL log file.

Just FYI, I got some message about the techguide web page not responding due to a long running script, at the bottom of my IE window, so I took the option to cancel it, in order to make this post.

Dale

OTL logfile created on: 8/2/2012 5:34:20 PM - Run 4
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 48.35% Memory free
5.86 Gb Paging File | 4.32 Gb Available in Paging File | 73.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.83 Gb Total Space | 223.02 Gb Free Space | 78.58% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.67 Mb Free Space | 93.29% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/18 18:15:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/09/12 18:54:12 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/12 18:54:09 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/07/16 13:35:18 | 000,130,400 | ---- | M] (Microsoft Corp.) -- c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/09/12 18:54:13 | 002,557,952 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/22 13:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 13:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 13:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/27 16:53:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/12 18:54:12 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 17:31:32 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/05/18 17:31:30 | 000,056,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 20:45:00 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE:64bit: - HKLM\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE - HKLM\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {07C6E258-13A9-43A8-8A41-73063CFBF2B2}
IE - HKCU\..\SearchScopes\{07C6E258-13A9-43A8-8A41-73063CFBF2B2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8A545E97-23B7-4001-A81E-49EF4CF39D3B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3CD624F5-3826-4C1C-8FB5-FF0A33E47B0B&apn_sauid=B589FEC6-F141-4D65-8428-AF07E8C7B29E
IE - HKCU\..\SearchScopes\{94901FCF-5CCF-445C-9C02-8FD61FA1A445}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55414
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 14:41:23 | 000,000,000 | ---D | M]
 
[2012/06/24 19:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/10 14:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2012/07/20 05:56:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [Allmyapps] C:\Program Files (x86)\Allmyapps\AllmyappsNotifier.exe (Allmyapps)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA37FA0-BDA4-4A53-BCF9-27A325F26A3D}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/20 06:03:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/20 05:56:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/19 06:19:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/19 06:19:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/19 06:19:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/19 06:19:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/19 06:18:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/19 06:18:01 | 004,582,475 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/07/18 18:15:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/07/16 20:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/07/16 20:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/07/16 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/07/16 20:03:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\HP Support Assistant
[2012/07/16 19:58:36 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/16 19:58:36 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/16 19:58:36 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/16 19:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/16 19:45:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/16 19:45:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/16 19:45:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/16 19:45:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/16 19:45:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/16 19:45:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/16 19:45:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/16 19:45:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/16 19:45:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/16 19:45:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/16 19:45:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/16 19:45:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/16 19:45:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/16 19:44:18 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/16 19:44:17 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/16 19:44:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/16 19:44:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/16 19:44:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/02 17:17:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/02 17:16:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/08/02 17:11:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 17:11:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 17:04:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 17:03:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 17:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/02 17:03:05 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 16:55:58 | 009,398,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/27 16:55:58 | 003,186,642 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/27 16:55:57 | 000,005,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/27 16:53:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 16:53:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/20 05:56:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/19 18:16:38 | 004,582,475 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/07/18 18:15:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/07/16 20:27:36 | 000,002,975 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/07/16 20:16:51 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/07/16 19:51:14 | 000,386,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/07/19 21:27:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/07/19 06:19:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/19 06:19:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/19 06:19:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/19 06:19:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/19 06:19:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/16 20:27:36 | 000,002,975 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/07/16 20:16:51 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/07/22 23:02:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{9BF6F044-92E8-4479-9960-7329C633FB9D}
[2011/06/22 01:10:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{924F3980-0A8F-49FA-9233-0400E3DADE29}
[2010/08/14 20:56:27 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 705 bytes -> C:\Users\Owner\Desktop\PAP_test.eml:OECustomProperty

< End of report >

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on August 03, 2012, 01:49:50 AM

Double  click on OTL.exe and Run it

• Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
  
  Quote

  :OTL
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55414
  :Reg
  :Files
  :Commands
  [EmptyTemp]
  

  
  
• Then click the [color="#FF0000"]Run Fix[/color] button at the top
  
• Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder
in addition:
Back in Windows:
download Malwarebytes' Anti-Malware from Here (http://"http://www.besttechie.net/tools/mbam-setup.exe") or Here (http://"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html")
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to [color="#0000FF"]Update Malwarebytes' Anti-Malware[/color] and [color="#0000FF"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.    
  
• If an update is found, it will download and install the latest version.    
• Once the program has loaded, you will be prompted to Decline or use Trial version>>>Select DECLINE
• Select "Perform Quick Scan", then click Scan.    
  
• The scan may take some time to finish,so please be patient.    
• When the scan is complete, click OK, then Show Results to view the results.    
  
• If anything is found, make sure that everything is checked, and click Remove Selected.
      * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)    
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.    
• Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 03, 2012, 06:10:24 AM

Glad you're back.

Here's the logs:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
File ptyTemp] not found.
 
OTL by OldTimer - Version 3.2.54.0 log created on 08032012_052524

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

8/3/2012 5:32:46 AM
mbam-log-2012-08-03 (05-32-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197076
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on August 03, 2012, 04:48:06 PM

How's everything running on your end now?

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 03, 2012, 06:35:34 PM

Seems okay.  I haven't done much with it, to be honest, but I've been posting here without issues.  I did look at the security status, just now.  It now shows the firewall is turned on.  I couldn't get it on before.  It says the antivirus is not.  Webroot Antivirus and Spysweeper, report that they're off it says.  For now I've left them/it off.  I kind of think their license has expired, but I'm not sure.  I have seen a popup from Webroot a couple of times that said it did a scan.  I think it said things were fine.  So I'm not sure I should try to turn it on.

Any suggestions as to what to do for malware protection for this PC?

In the meantime, I'll do some surfing on it and see if I notice anything.

Thanks!
Dale

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on August 03, 2012, 07:03:08 PM

Let's do the following: download TFC by Old Timer and save it to your desktop.
http://www.itxassociates.com/OT-Tools/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Right-click on TFC.exe and choose to "Run as Administrator"

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Ensure you still have ComboFix on desktop

• Press the Windows Key and R on your keyboard. This will bring up the Run... command.
     
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
     
• Please follow the prompts to uninstall Combofix.
• You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

If she didn't purposely install the AskToolbar, which I doubt she did, it usually gets installed with other software
Close down all browser windows and uninstall the Toolbar from
'Programs and Features' in Windows Control Panel

Right click on OTL.exe and choose to "Run as Admin"
When it opens, click on the CLEANUP button, follow prompts and reboot when announced
This will properly remove OTL.exe and other tools

Back in Windows, if TFC.exe still exists, you can simply delete it

Ensure your antivirus is enabled afterwards and updated. Is it able to update still??
Has subscription expired?

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 03, 2012, 07:14:10 PM

What are we doing, working on this stuff on a Friday night???   /wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />

I just ran TFC and the pc's rebooting right now.

I'll do the rest of the things you mentioned and get back to you on the ability to update the antivirus.

Thank you,
Dale

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 03, 2012, 07:27:56 PM

As you may have suspected, her subscription to webroot antivirus with spy sweeper has expired, and they want $ to renew it.

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on August 03, 2012, 11:12:03 PM

why not do the following....We don't want to leave you without AV protection
I suggest either Microsoft Security Essentials or Avast free>> Both are free
Here are the links to both..ONLY choose one, as more than one will/may cause instability and conflicts
Microsoft Security Essentials (http://"http://windows.microsoft.com/en-US/windows/products/security-essentials")
And Avast free edition (http://"http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button")
 Ensure that Webroot AV and Spysweepers protections are disabled
Then uninstall the Program(s)
Reboot the computer afterwards
Back in Windows, install the AV your happiest with
If you go with Avast: Ensure to deselect the option to install Google Chrome web browser, unless it's an option you like, but it's not needed
And register it.. Required once a year
With either, take a look at it's options.. I suggest scheduling a Full scan once a week

Let me know how you make out

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 04, 2012, 06:27:23 AM

Hi,

I installed the Microsoft Security Essentials and configured it.  I also let IE 9 be installed.

Everything seems great as far as I can tell.

Thank you very very much for your help on this!

Dale

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on August 04, 2012, 09:52:45 AM

Good work, again, sorry it took so long to respond at times... My time was limited on the computer however.
A little isolated.
If you have time, why not run a Full scan with MSE now, let me know how it goes
Then I'll lock this topic

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: Dale on August 05, 2012, 07:36:07 AM

Hi,

I'd run a quick scan when I first installed MSE and it found nothing.  I ran a full scan though after seeing your last post, and it did find something - Rogue: Win32/FakePAV, but it apparently "fixed" it.  I ran another full scan, just because, and that one found nothing.

Everything seems good to go, and I really appreciate your help, as always!

Thank you very much,
Dale

Title: Virus - can't turn on firewall, bogus alerts while running microso
Post by: guestolo on August 05, 2012, 12:35:10 PM

great, I'll lock this topic as your problems appear resolved... Take care Dale  /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />