1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Conduit Malware - Taking Over Google Chrome

Discussion in 'Virus & Other Malware Removal' started by dst17601, Feb 18, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    While I was downloading a driver from what I thought was a trusted source, I appear to have downloaded a hard to remove piece of malware called Conduit or MIXIDJ. It's a search program that has basically taken over Google Chrome. I removed all applicable extensions in Google Chrome but the program remains. I am running Windows Vista on an older HP Pavillion PC.

    I am having trouble posting all of the required logs in one message so I will post one here and then the remainder as replies to the original message. Hope this works.

    HIJACK THIS
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:50:45 PM, on 2/16/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\System32\wpcumi.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Users\Owner\AppData\Local\Strongvault Online Backup\SMessaging.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Owner\AppData\Local\Strongvault\StrongVaultApp.exe
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Users\Owner\Documents\RCA Detective\RCADetective.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Owner\Downloads\HijackThis (2).exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.1.0.24\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.1.0.24\IPS\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.1.0.24\coIEPlg.dll
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SMessaging] C:\Users\Owner\AppData\Local\Strongvault Online Backup\SMessaging.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Messenger] "C:\Program Files\Strongvault Online Backup\ClientMessenger.exe"
    O4 - Startup: hpqtra08.exe
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: RCA Detective.lnk = C:\Users\Owner\Documents\RCA Detective\RCADetective.exe
    O4 - Startup: Registration Chessmaster® Grandmaster Edition .LNK = C:\Program Files\Ubisoft\Chessmaster Grandmaster Edition\Register\RegistrationReminder.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23.1\Remind.exe
    O4 - Global Startup: StrongVaultApp.exe.lnk = C:\Users\Owner\AppData\Local\Strongvault\StrongVaultApp.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.intuit.com
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
    O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\Windows\system32\$sys$filesystem\$sys$DRMServer.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Citrix Diagnostic Facility COM Server (CdfSvc) - Citrix Systems, Inc. - C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
    O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\Windows\CDProxyServ.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\20.1.0.24\ccSvcHst.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: Citrix Streaming Helper Service (RadeHlprSvc) - Citrix Systems, Inc. - C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe
    O23 - Service: Citrix Streaming Service (RadeSvc) - Citrix Systems, Inc. - C:\Program Files\Citrix\Streaming Client\RadeSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 13941 bytes
     
  2. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_31
    Run by Owner at 19:54:14 on 2013-02-16
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1288 [GMT -5:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\$sys$filesystem\$sys$DRMServer.exe
    C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
    C:\Windows\CDProxyServ.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Citrix\Streaming Client\RadeSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norton Security Suite\Engine\20.1.0.24\ccSvcHst.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\Norton Security Suite\Engine\20.1.0.24\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\System32\wpcumi.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Users\Owner\AppData\Local\Strongvault Online Backup\SMessaging.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Owner\AppData\Local\Strongvault\StrongVaultApp.exe
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Users\Owner\Documents\RCA Detective\RCADetective.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: InfoAtoms: {103089DA-0F31-4A8B-843F-7D24A7FE8345} - c:\program files\infoatoms\ie32\InfoAtomsClientIE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.1.0.24\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.1.0.24\ips\IPSBHO.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.1.0.24\CoIEPlg.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.1.0.24\CoIEPlg.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [Messenger] "c:\program files\strongvault online backup\ClientMessenger.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Easy Dock] <no file>
    StartupFolder: c:\users\owner\appdata\roaming\microsoft\windows\start menu\programs\startup\hpqtra08.exe
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\rcadet~1.lnk - c:\users\owner\documents\rca detective\RCADetective.exe
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\chessmaster grandmaster edition\register\RegistrationReminder.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\the print shop 23.1\Remind.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\strong~1.lnk - c:\users\owner\appdata\local\strongvault\StrongVaultApp.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: internet
    Trusted Zone: intuit.com
    Trusted Zone: mcafee.com
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
    DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{4129B5DC-99F9-495A-8760-E0646DEAD679} : DHCPNameServer = 192.168.0.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [2004-10-6 18432]
    R0 CFsDep;Citrix File System Minifilter XC;c:\windows\system32\drivers\CFsDep.sys [2011-5-5 17024]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1401000.018\SymDS.sys [2013-2-16 368288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1401000.018\SymEFA.sys [2013-2-16 926880]
    R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [2004-10-7 11904]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20120815.002\BHDrvx86.sys [2013-2-16 995488]
    R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1401000.018\ccSetx86.sys [2013-2-16 134304]
    R1 cdfdrv;cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [2011-3-1 31280]
    R1 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [2011-6-30 60248]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20120811.001\IDSVix86.sys [2013-2-16 386208]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1401000.018\Ironx86.sys [2013-2-16 175264]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1401000.018\symtdiv.sys [2013-2-16 350368]
    R2 $sys$DRMServer;Plug and Play Device Manager;c:\windows\system32\$sys$filesystem\$sys$DRMServer.exe [2004-6-22 307200]
    R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-1-29 401920]
    R2 CD_Proxy;XCP CD Proxy;c:\windows\CDProxyServ.exe [2004-6-22 167936]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [2011-6-30 205144]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 21504]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.1.0.24\ccSvcHst.exe [2013-2-16 143928]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
    R2 RadeHlprSvc;Citrix Streaming Helper Service;c:\program files\citrix\streaming client\RadeHlprSvc.exe [2011-7-19 210864]
    R2 RadeSvc;Citrix Streaming Service;c:\program files\citrix\streaming client\RadeSvc.exe [2011-7-19 1034152]
    R3 $sys$oct;$sys$oct;c:\windows\system32\$sys$filesystem\oct.sys [2005-3-31 12032]
    R3 cvhdbus;Citrix Virtual Hard Disk Enumerator XC;c:\windows\system32\drivers\cvhdbus.sys [2011-5-5 56960]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-21 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-10-14 90352]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2013-02-16 22:44:17 -------- d-----w- c:\program files\Spirent Communications
    2013-02-16 22:43:54 -------- d-----w- c:\program files\HTC
    2013-02-16 22:41:47 -------- d-----w- c:\programdata\W3i
    2013-02-16 22:41:47 -------- d-----w- c:\program files\W3i
    2013-02-16 22:40:28 -------- d-----w- c:\programdata\APN
    2013-02-16 21:49:55 -------- d-----w- c:\program files\common files\MSSoap
    2013-02-16 21:49:51 -------- d-----w- c:\users\owner\appdata\local\Strongvault Online Backup
    2013-02-16 21:49:02 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2013-02-16 21:48:57 -------- d-----w- c:\programdata\Strongvault Online Backup
    2013-02-16 21:48:56 -------- d-----w- c:\users\owner\appdata\local\Strongvault
    2013-02-16 21:48:51 -------- d-----w- c:\program files\Strongvault Online Backup
    2013-02-16 21:48:27 -------- d-sh--w- C:\AI_RecycleBin
    2013-02-16 21:40:06 -------- d-----w- c:\program files\Conduit
    2013-02-16 21:40:04 -------- d-----w- c:\users\owner\appdata\local\Conduit
    2013-02-16 21:39:52 -------- d-----w- c:\users\owner\appdata\local\Coupon Companion Plugin
    2013-02-16 21:39:25 -------- d-----w- c:\program files\InfoAtoms
    2013-02-16 13:50:43 926880 ----a-r- c:\windows\system32\drivers\n360\1401000.018\SymEFA.sys
    2013-02-16 13:50:43 585888 ----a-r- c:\windows\system32\drivers\n360\1401000.018\srtsp.sys
    2013-02-16 13:50:43 368288 ----a-r- c:\windows\system32\drivers\n360\1401000.018\SymDS.sys
    2013-02-16 13:50:43 350368 ----a-r- c:\windows\system32\drivers\n360\1401000.018\symtdiv.sys
    2013-02-16 13:50:43 338592 ----a-r- c:\windows\system32\drivers\n360\1401000.018\symnets.sys
    2013-02-16 13:50:43 32888 ----a-r- c:\windows\system32\drivers\n360\1401000.018\srtspx.sys
    2013-02-16 13:50:43 21400 ----a-r- c:\windows\system32\drivers\n360\1401000.018\SymELAM.sys
    2013-02-16 13:50:43 175264 ----a-r- c:\windows\system32\drivers\n360\1401000.018\Ironx86.sys
    2013-02-16 13:50:43 134304 ----a-r- c:\windows\system32\drivers\n360\1401000.018\ccSetx86.sys
    2013-02-16 13:50:35 8942 ----a-r- c:\windows\system32\drivers\n360\1401000.018\SymVTcer.dat
    2013-02-16 13:50:35 -------- d-----w- c:\windows\system32\drivers\n360\1401000.018
    2013-02-14 08:20:05 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
    2013-02-13 11:02:25 2048512 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 11:02:25 1314816 ----a-w- c:\windows\system32\quartz.dll
    2013-02-13 11:02:23 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 11:02:22 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-13 11:02:22 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-02 00:24:37 -------- d-----w- c:\program files\iPod
    2013-02-02 00:24:35 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-02-02 00:24:35 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2013-02-16 13:52:37 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-02-09 18:43:13 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-09 18:43:13 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ============= FINISH: 19:54:57.22 ===============
     
  3. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/1/2008 4:27:56 PM
    System Uptime: 2/16/2013 5:22:40 PM (2 hours ago)
    .
    Motherboard: ECS | | Nettle2
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2600/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 364 GiB total, 219.31 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.053 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2
    Adobe Shockwave Player 11.6
    Amazon Games & Software Downloader
    Amazon MP3 Downloader 1.0.9
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Backyard Soccer MLS Edition
    Bonjour
    BufferChm
    Chessmaster Grandmaster Edition
    Citrix Offline Plug-in
    Citrix online plug-in - web
    Citrix online plug-in (Web)
    Compatibility Pack for the 2007 Office system
    Copy
    CustomerResearchQFolder
    D3DX10
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    Enhanced Multimedia Keyboard Solution
    eSupportQFolder
    F4200
    F4200_Help
    Garmin City Navigator North America NT 2010.30
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService
    GPBaseService2
    Hardware Diagnostic Tools
    Hot Wheels® Stunt Track Driver 2 - GET'N DIRTY(TM)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Customer Participation Program 10.0
    HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    HP Easy Setup - Frontend
    HP Imaging Device Functions 10.0
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart Essential 2.5
    HP Picasso Media Center Add-In
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    HPProductAssistant
    HPSSupply
    HTC Driver Installer
    iCloud
    ImageMixer3
    InfoAtoms [Uninstall]
    iSEEK AnswerWorks English Runtime
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Juice 2.2
    Junk Mail filter update
    LightPDF
    LightScribe 1.4.142.1
    MarketResearch
    McAfee Virtual Technician
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 6.2
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works
    MobileMe Control Panel
    Moto Racer
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    Nero BurnLite 10
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    Norton Security Suite
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.1
    Pdf to Word Converter 3000 7.4
    Pokémon Trading Card Game Online
    PrimoPDF -- brought to you by Nitro PDF Software
    PSSWCORE
    Python 2.4.3
    Quicken 2011
    QuickTime
    RCA Detective™ 2.0.0.98
    RCA easyRip™ 1.4.6.0
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    ROBLOX Player for Owner
    RollerCoaster Tycoon 2 Triple Thrill Pack
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Safari
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Segoe UI
    Shop for HP Supplies
    SmartWebPrintingOC
    Snapfish Media Detector
    Soccer Mania
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Status
    Steam
    Strongvault Online Backup
    Stunt Track Driver
    swMSM
    The Print Shop 23.1
    Toolbox
    TrayApp
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wpaiper
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wpaiper
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wpaiper
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wpaiper
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wpaiper
    TurboTax 2012 wrapper
    TurboTax Deluxe 2007
    Uninstall Helper
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VideoToolkit01
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Mobile Device Updater Component
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/16/2013 7:00:16 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    2/16/2013 5:32:29 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}. The error: "2" Happened while starting this command: C:\Program Files\Citrix\ICA Client\wfcrun32.exe -Embedding
    2/16/2013 5:27:47 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    2/16/2013 5:25:11 PM, Error: EventLog [6008] - The previous system shutdown at 5:12:29 PM on 2/16/2013 was unexpected.
    2/16/2013 4:46:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    2/16/2013 4:43:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    .
    ==== End Of File ===========================
     
  4. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    I tried to upload this as an attachment because I could not get the copy-and-paste- version to post.

    Thanks for any help you can give.
     

    Attached Files:

    • ark.txt
      File size:
      148.5 KB
      Views:
      0
  5. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello dst17601,

    Welcome to TSG.

    Please download AdwCleaner from here to your desktop
    • Click on the green downward facing arrow on the right to commence download.
    • Run AdwCleaner and select Delete

    [​IMG]

    Once done it will ask to reboot, allow this.

    On reboot a log will be produced please post that back here.

    After that

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    So when you return please post
    • AdwCleaner log
    • MBAM log
     
  6. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    Thanks for your patience... just returned from a business trip.

    Here is the ADW log. I am working on downloading the Malware Bytes but I am currently unable to access their site. I'll keep trying and post the log when I'm successful.

    Meanwhile... here's the ADW Log:
    # AdwCleaner v2.112 - Logfile created 02/20/2013 at 21:51:59
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Downloads\adwcleaner0 (1).exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\END
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
    File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\Owner\Desktop\Uninstall.exe
    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Free Offers from Freeze.com
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Users\Isaac and Isaiah\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\Isaac and Isaiah\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Owner\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
    Folder Deleted : C:\Users\Owner\AppData\Local\Coupon Companion Plugin
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Folder Deleted : C:\Windows\system32\TempDir
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AskToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16464
    [OK] Registry is clean.
    -\\ Google Chrome v24.0.1312.57
    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN19954462432922622&ctid=CT[...]
    Deleted [l.62] : icon_url = "hxxp://www.ask.com/favicon.ico",
    Deleted [l.68] : search_url = "hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&amp;o=15527&amp;prt=360&am[...]
    Deleted [l.2425] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN19954462432922622&ctid=CT327[...]
    *************************
    AdwCleaner[S1].txt - [8077 octets] - [20/02/2013 21:51:59]
    ########## EOF - C:\AdwCleaner[S1].txt - [8137 octets] ##########
     
  7. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    That link is working okay for me.

    Tell me if you have a continuing problem downloading. Could be malware blocking your browser.
     
  8. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    Thanks. Ok, here is the MBAM Log

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.02.21.01
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: OWNER-PC [administrator]
    2/20/2013 10:19:33 PM
    mbam-log-2013-02-20 (22-19-33).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 295093
    Time elapsed: 13 minute(s), 1 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 1
    C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll (PUP.InfoAtoms) -> Delete on reboot.
    Registry Keys Detected: 6
    HKCR\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{EF96EDE0-E1F8-4EB2-956B-D54DF35335E4} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCR\Interface\{44C0ECF5-4AC6-4E39-8091-E57070F8945A} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 3
    C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll (PUP.InfoAtoms) -> Delete on reboot.
    C:\Users\Owner\Downloads\PDF Download.exe (Trojan.Hoaxsms) -> Quarantined and deleted successfully.
    C:\Users\Owner\Downloads\Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.
    (end)
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello dst17601,

    • Please download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
     
  10. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    The Scans actually took quite a long time, but here they are:

    OTL.TXT
    OTL logfile created on: 2/20/2013 11:04:46 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.94 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 50.42% Memory free
    6.08 Gb Paging File | 4.61 Gb Available in Paging File | 75.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 363.82 Gb Total Space | 219.05 Gb Free Space | 60.21% Space Free | Partition Type: NTFS
    Drive D: | 8.79 Gb Total Space | 1.05 Gb Free Space | 11.98% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Steam\steam.exe (Valve Corporation)
    PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
    PRC - C:\Users\Owner\AppData\Local\Strongvault\StrongVaultApp.exe ()
    PRC - C:\Program Files\Strongvault Online Backup\ClientMessenger.exe (Stronghold LLC)
    PRC - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Users\Owner\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
    PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    PRC - C:\Program Files\Citrix\Streaming Client\RadeSvc.exe (Citrix Systems, Inc.)
    PRC - C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe (Citrix Systems, Inc.)
    PRC - C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe (Citrix Systems, Inc.)
    PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Users\Owner\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
    PRC - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
    PRC - C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (First 4 Internet Ltd)
    PRC - C:\WINDOWS\CDProxyServ.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1acfb2e00e9900f0bc4c78117d44e92e\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c96c87b44cb3a1fcac5588405ca6dde\System.Windows.Forms.ni.dll ()
    MOD - C:\Program Files\Steam\bin\libcef.dll ()
    MOD - C:\Users\Owner\AppData\Local\Strongvault\StrongVaultApp.exe ()
    MOD - C:\Program Files\Strongvault Online Backup\Infrastructure.Metadata.dll ()
    MOD - C:\Program Files\Strongvault Online Backup\Infrastructure.Helpers.dll ()
    MOD - C:\Program Files\Strongvault Online Backup\Environment.Identification.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0afbfe813c69c6e59adeff8d392893c7\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a875b1f3cb8066d69b23f3692522d6b4\System.ServiceModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\482ed6a5ddd587481b969d477e26ea89\System.EnterpriseServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\482ed6a5ddd587481b969d477e26ea89\System.EnterpriseServices.Wrapper.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\a639235d6ce0d3cd05ca1ba26d0ceb68\System.Transactions.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81554858ed6792239c0194b5350dfa1d\System.Runtime.Serialization.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2a05fe611de0aa255fbd410fc01d629d\System.IdentityModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\592d5682eedb48ff0480da9feb859f95\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\14af1f11274891328b9fc5b093c1e2f2\SMDiagnostics.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\025fc2d92484ad7c0fe120a8fd44d47b\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\44025a748649f45d638ca47bc9a0ead3\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\5ba06b927f084937f15503f04ae0e4a3\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\36c33ac424a0a8107c0ea553f0bdadc7\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d70cd42bae1e041b6c3d937303b8f03c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
    MOD - C:\Program Files\Steam\sdl.dll ()
    MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
    MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
    MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
    MOD - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\wincfi39.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\WINDOWS\System32\msjetoledb40.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


    ========== Services (SafeList) ==========

    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
    SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (RadeSvc) -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe (Citrix Systems, Inc.)
    SRV - (RadeHlprSvc) -- C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe (Citrix Systems, Inc.)
    SRV - (CdfSvc) -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe (Citrix Systems, Inc.)
    SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
    SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
    SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - ($sys$DRMServer) -- C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe (First 4 Internet Ltd)
    SRV - (CD_Proxy) -- C:\WINDOWS\CDProxyServ.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS File not found
    DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130220.016\NAVEX15.SYS (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130220.016\NAVENG.SYS (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130216.001\IDSvix86.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\System32\drivers\N360\1402000.013\srtsp.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\System32\drivers\N360\1402000.013\symefa.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\System32\drivers\N360\1402000.013\symds.sys (Symantec Corporation)
    DRV - (ccSet_N360) -- C:\WINDOWS\System32\drivers\N360\1402000.013\ccsetx86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\System32\drivers\N360\1402000.013\ironx86.sys (Symantec Corporation)
    DRV - (SYMTDIv) -- C:\WINDOWS\System32\drivers\N360\1402000.013\symtdiv.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\System32\drivers\N360\1402000.013\srtspx.sys (Symantec Corporation)
    DRV - (CtxSbx) -- C:\WINDOWS\System32\drivers\CtxSbx.sys (Citrix Systems, Inc.)
    DRV - (ctxpidmn) -- C:\WINDOWS\System32\drivers\ctxpidmn.sys (Citrix Systems, Inc.)
    DRV - (cvhdbus) -- C:\WINDOWS\System32\drivers\cvhdbus.sys (Citrix Systems, Inc.)
    DRV - (CFsDep) -- C:\WINDOWS\System32\drivers\CFsDep.sys (Citrix Systems, Inc.)
    DRV - (cdfdrv) -- C:\WINDOWS\System32\drivers\cdfdrv.sys (Citrix Systems, Inc.)
    DRV - (htcnprot) -- C:\WINDOWS\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
    DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (WinUSB) -- C:\WINDOWS\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (HTCAND32) -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
    DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (nvstor32) -- C:\WINDOWS\System32\drivers\nvstor32.sys (NVIDIA Corporation)
    DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (Point32) -- C:\WINDOWS\System32\drivers\point32k.sys (Microsoft Corporation)
    DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)
    DRV - ($sys$cor) -- C:\WINDOWS\System32\drivers\$sys$cor.sys (First 4 Internet)
    DRV - ($sys$crater) -- C:\WINDOWS\System32\$sys$filesystem\crater.sys (First 4 Internet)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{FC41E59C-37C4-4AEE-A1D4-55148888F8F5}: "URL" = http://search.live.com/results.aspx...entrypoint={referrer:source?}&amp;FORM=HVDUS7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {3FAF579A-33CB-4FAB-9A78-037CB0FF797E}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKCU\..\SearchScopes\{5E431257-AEEF-430C-8453-FAC8297415F1}: "URL" = http://search.conduit.com/ResultsEx...urce=4&ctid=CT3272718&CUI=UN35428229741805663
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{FC41E59C-37C4-4AEE-A1D4-55148888F8F5}: "URL" = http://search.live.com/results.aspx...entrypoint={referrer:source?}&amp;FORM=HVDUS7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@citrix.com/Citrix Offline Plug-in: C:\Program Files\Citrix\Streaming Client\nprade.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Owner\AppData\Local\Roblox\Versions\version-9ae7cc04e47a4b12\\NPRobloxProxy.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 02:00:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/02/20 22:38:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla FireFox\extensions\[email protected] [2013/02/16 16:39:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/16 17:29:35 | 000,000,000 | ---D | M]

    [2013/02/16 16:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/16 16:39:37 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    [2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
    [2012/03/29 15:06:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/03/26 10:41:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2011/11/11 13:07:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2011/11/11 13:07:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2011/11/11 13:07:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2011/11/11 13:07:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2011/11/11 13:07:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2011/11/11 13:07:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2011/11/11 13:07:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

    ========== Chrome ==========

    CHR - default_search_provider: Norton Safe Search (Enabled)
    CHR - default_search_provider: search_url = http://nortonsafe.search.ask.com/we...eo=US&amp;ver=20&amp;locale=en_US&amp;tpr=111
    CHR - default_search_provider: suggest_url =
    CHR - Extension: TrustLoke = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahemanonpcppbjdkdjemkhkpbllnfe\2.3.15.10_0\
    CHR - Extension: InfoAtoms = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0_0\
    CHR - Extension: Norton Identity Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb\10.14.40.128_0\

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Easy Dock] File not found
    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SMessaging] C:\Users\Owner\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
    O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Google Update] C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [Messenger] C:\Program Files\Strongvault Online Backup\ClientMessenger.exe (Stronghold LLC)
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Owner\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Chessmaster® Grandmaster Edition .LNK = C:\Program Files\Ubisoft\Chessmaster Grandmaster Edition\Register\RegistrationReminder.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: fult.com ([access] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll (diskhealth Class)
    O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4129B5DC-99F9-495A-8760-E0646DEAD679}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\Pictures\wheatland.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\wheatland.jpg
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/25 14:12:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{6223c080-7887-11e2-97d0-001bb9539163}\Shell - "" = AutoRun
    O33 - MountPoints2\{6223c080-7887-11e2-97d0-001bb9539163}\Shell\AutoRun\command - "" = K:\HTC_Sync_Manager_PC.exe
    O33 - MountPoints2\{caeb013c-5c30-11e2-9fe3-001bb9539163}\Shell - "" = AutoRun
    O33 - MountPoints2\{caeb013c-5c30-11e2-9fe3-001bb9539163}\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/20 23:03:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2013/02/20 22:13:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2013/02/20 22:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/20 22:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/02/20 22:13:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/02/20 22:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/16 17:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
    [2013/02/16 17:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
    [2013/02/16 17:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
    [2013/02/16 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
    [2013/02/16 17:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
    [2013/02/16 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Helper
    [2013/02/16 16:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2013/02/16 16:49:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Strongvault Online Backup
    [2013/02/16 16:49:02 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
    [2013/02/16 16:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
    [2013/02/16 16:48:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Strongvault
    [2013/02/16 16:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Strongvault Online Backup
    [2013/02/16 16:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
    [2013/02/16 16:48:27 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/02/16 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\InfoAtoms
    [2013/02/14 03:21:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/02/14 03:21:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/02/14 03:21:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/02/14 03:21:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/02/14 03:21:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/02/14 03:21:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/02/14 03:21:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/02/14 03:21:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/02/13 06:02:25 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/02/13 06:02:25 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2013/02/13 06:02:22 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2013/02/13 06:02:22 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2013/02/01 20:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
    [2013/02/01 19:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/02/01 19:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/02/01 19:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/02/01 19:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/20 23:11:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0FAE9C89-EDAA-4993-857A-8CB694AA6A66}.job
    [2013/02/20 23:03:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2013/02/20 22:43:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/20 22:40:13 | 000,081,967 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2013/02/20 22:39:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/20 22:36:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/20 22:36:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/20 22:36:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/20 22:31:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/20 22:17:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826819527-1352970958-3314546038-1000UA.job
    [2013/02/20 22:13:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/20 21:38:02 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2013/02/18 13:30:47 | 002,490,219 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\Cat.DB
    [2013/02/17 22:07:53 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2013/02/17 14:38:39 | 000,066,004 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2013/02/17 08:44:32 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
    [2013/02/16 23:32:46 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-826819527-1352970958-3314546038-1000Core.job
    [2013/02/16 20:53:12 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\VT20130115.021
    [2013/02/16 19:56:29 | 000,000,542 | ---- | M] () -- C:\Users\Owner\Desktop\z7xeuj8r - Shortcut.lnk
    [2013/02/16 19:52:48 | 000,000,511 | ---- | M] () -- C:\Users\Owner\Desktop\dds - Shortcut.lnk
    [2013/02/16 19:49:16 | 000,000,572 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis (2) - Shortcut.lnk
    [2013/02/16 18:03:08 | 000,642,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/02/16 18:03:08 | 000,120,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/02/16 18:00:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
    [2013/02/16 16:48:59 | 000,001,123 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
    [2013/02/16 16:48:59 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.lnk
    [2013/02/16 08:52:37 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2013/02/16 08:52:37 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2013/02/16 08:52:37 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2013/02/15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
    [2013/02/14 03:47:07 | 001,260,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/02/09 14:53:06 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
    [2013/02/09 13:43:13 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/02/09 13:43:13 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/02/01 20:22:58 | 000,000,605 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2013/02/01 20:19:21 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
    [2013/02/01 19:25:54 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/02/01 18:53:51 | 000,002,046 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/02/01 18:53:51 | 000,002,044 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
    [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/20 22:13:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/16 19:56:29 | 000,000,542 | ---- | C] () -- C:\Users\Owner\Desktop\z7xeuj8r - Shortcut.lnk
    [2013/02/16 19:52:48 | 000,000,511 | ---- | C] () -- C:\Users\Owner\Desktop\dds - Shortcut.lnk
    [2013/02/16 19:49:16 | 000,000,572 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis (2) - Shortcut.lnk
    [2013/02/16 18:00:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
    [2013/02/16 16:48:59 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
    [2013/02/16 16:48:59 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.lnk
    [2013/02/01 20:19:21 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
    [2013/02/01 19:25:54 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/31 21:52:34 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/05/12 13:43:51 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/06 20:03:44 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/02/18 16:40:51 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/11/05 20:32:54 | 000,006,544 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\PrimoPDFSet.xml
    [2009/10/14 21:06:09 | 000,081,967 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/10/14 21:05:30 | 000,066,004 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/01/29 20:53:51 | 000,061,224 | ---- | C] () -- C:\Users\Owner\GoToAssistDownloadHelper.exe
    [2008/08/06 05:43:30 | 000,000,488 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2008/08/02 18:38:52 | 000,019,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/01 16:58:57 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol

    ========== ZeroAccess Check ==========

    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/05/22 16:42:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.mono
    [2008/12/27 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
    [2010/06/11 20:08:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/10/12 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
    [2009/12/20 22:59:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GARMIN
    [2012/06/02 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
    [2009/10/12 20:37:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
    [2012/09/18 05:30:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iPodder
    [2008/01/01 18:00:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
    [2009/05/22 15:28:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LEGO Media
    [2012/06/23 06:07:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
    [2012/05/22 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Pokémon Trading Card Game Online
    [2008/01/01 14:39:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Snapfish
    [2010/06/11 20:17:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SumatraPDF
    [2008/08/06 05:43:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
    [2012/09/11 17:45:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity
    [2008/02/15 18:07:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 813 bytes -> C:\Users\Owner\Documents\Re_ Hi Doris -part 2 _).eml:OECustomProperty
    < End of report >

    EXTRAS.TXT

    OTL Extras logfile created on: 2/20/2013 11:04:46 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.94 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 50.42% Memory free
    6.08 Gb Paging File | 4.61 Gb Available in Paging File | 75.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 363.82 Gb Total Space | 219.05 Gb Free Space | 60.21% Space Free | Partition Type: NTFS
    Drive D: | 8.79 Gb Total Space | 1.05 Gb Free Space | 11.98% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0013E173-1B95-4E1C-B0FA-FA8D6A5707F8}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
    "{0C841533-3835-4F47-A03B-14FDA8BB3920}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{0E44B815-C5A6-4E9D-90AD-B8C4C168DA1A}" = lport=138 | protocol=17 | dir=in | app=system |
    "{0E808972-92A4-4825-B4AE-8D30201FD217}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1D64B367-56AE-4880-98B8-7956C16D8CF0}" = rport=138 | protocol=17 | dir=out | app=system |
    "{3119793F-E0FC-4A7A-AC2B-96A63CA09038}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
    "{4D96E161-4964-4BB1-AADA-D2125856762C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{536A395A-E3ED-4055-87DC-AC4FCC1D51B0}" = rport=445 | protocol=6 | dir=out | app=system |
    "{67E91FCE-4548-4659-8CBC-FA8848257F03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7BB66914-129C-4C7F-A135-B918567794F2}" = lport=445 | protocol=6 | dir=in | app=system |
    "{7FBFBB4F-9A05-4712-A27D-F23250964F17}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{862D2BD8-41F3-443F-9E13-E61C99FC9483}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{AEF14250-061A-46D5-9D4C-B25F5EA5DEB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{CC5E1009-5A3D-4DCA-815C-3D944AC5850E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{CEA6D261-DF41-4E18-8E52-89C61E008BC1}" = rport=139 | protocol=6 | dir=out | app=system |
    "{FB1F2CCB-B787-482A-AA39-C3554E21EDD1}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01DE4B25-B122-49C7-932A-AA436512E713}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{04A12ADA-DA61-48A1-B68A-9CE4B4B1EACF}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{0576F23A-91A9-4FB4-8FF0-BE7A242334C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{086B3131-75B9-4A8B-B5FD-82A4862726AC}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{0B02C3C8-21F9-41E0-90CC-8328B951B3AB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{12B91513-54A6-426D-8567-41F396374939}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{15C24D3E-9E50-4FEA-BA37-7B474C29ECC6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{16CD8728-32BB-4B32-B338-B70EF15B4D9D}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{35C5308C-DB4A-408D-9431-8A41CA109EC7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{3CB11067-AE8D-43DA-9AF5-BBBB53D21B3D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{47D85D8D-CBFF-40F7-B9F9-D3FE6A8AFC03}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{49A09032-2F15-46DF-AEA7-8D254DDFC375}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{51A91FBA-D5C2-4D83-9A01-869F2C416B31}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{5D567055-E735-4340-B95F-943ABF7E5CF9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{6EEE2420-35C6-49C8-B5C7-9DFE17FE7C39}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{762F9EE8-AB81-4CEB-A225-0143872DD18B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{8230E178-C84B-494B-AC84-B6837AA1CE5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{89A661D8-E380-442F-A38E-20A5260FD9D4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty world at war - verruckt\smp.exe |
    "{A08F70E2-27CD-47D2-A17B-1125E75AC8D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{AA14F72A-A973-426E-80EE-342BA6FD4F5B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty world at war - verruckt\smp.exe |
    "{B351C3CE-FCF7-4046-9D3D-10947E8817D2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{B7F7423A-1E1D-4C00-8C37-3EA8635260E1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{BF1A2201-5736-4DDB-973C-F39C8A3970B8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{C0ACC91B-7353-4E99-B1FC-E5D5AF0BFDD5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C720F97E-6D35-44A3-810F-C9AEE5B426AF}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{C9A9F816-3202-4F6D-813C-C10C138948DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CA20AA4D-C568-450F-8BF6-B8CA532082BB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{D9B904E1-CAD0-478E-85B6-D3D1B5B8C1C7}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{EAE14DA8-59BA-471B-8A57-64EBE75AE2FE}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{F8D0555F-E934-4383-8CDD-4945D5E97DD5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
    "{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}" = The Print Shop 23.1
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C391720-EAA2-012B-AE98-000000000000}" = TurboTax 2009 wpaiper
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
    "{4647B1E4-9907-4A58-963C-E785DF674C3E}" = TurboTax 2010 wpaiper
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4C5D15D2-5351-4F05-A96E-56C20554F977}" = RollerCoaster Tycoon 2 Triple Thrill Pack
    "{4CA54C97-67B1-4507-9BE0-0ED39C24FA32}" = TurboTax 2012 wpaiper
    "{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
    "{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5F5FD023-B0CE-4682-8278-B8B9CDDD63C7}" = LightPDF
    "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{692EF506-1E15-4473-A829-ED951D6C49DB}" = Strongvault Online Backup
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
    "{6C528316-05A0-4594-A949-94B792EC396C}" = TurboTax 2011 wpaiper
    "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70BB990A-1461-4178-943D-7F771067D95C}" = Citrix Offline Plug-in
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{751910E3-ECF1-44D0-BF3F-2936A4424514}" = ImageMixer3
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7E820A0C-8CD6-44A2-9963-A243B224CDB4}" = TurboTax 2008 wpaiper
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
    "{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    "{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D81F39D4-FDA9-4356-92B1-16081D8BF71A}" = Pokémon Trading Card Game Online
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "Backyard Soccer MLS Edition" = Backyard Soccer MLS Edition
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Hot Wheels 2 - Get'n Dirty" = Hot Wheels® Stunt Track Driver 2 - GET'N DIRTY(TM)
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "InfoAtoms" = InfoAtoms [Uninstall]
    "InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
    "InstallShield_{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
    "Juice" = Juice 2.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MotoRacerCurrentVer" = Moto Racer
    "N360" = Norton Security Suite
    "NVIDIA Drivers" = NVIDIA Drivers
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "Pdf to Word Converter 3000_is1" = Pdf to Word Converter 3000 7.4
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "RCA Detective™_is1" = RCA Detective™ 2.0.0.98
    "RCA easyRip™_is1" = RCA easyRip™ 1.4.6.0
    "Shop for HP Supplies" = Shop for HP Supplies
    "Stunt Track Driver" = Stunt Track Driver
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "TurboTax 2012" = TurboTax 2012
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "Uninstall Helper 2.0.1.0" = Uninstall Helper
    "UnityWebPlayer" = Unity Web Player
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Owner
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/18/2013 2:18:14 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/18/2013 2:18:14 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 59108

    Error - 2/18/2013 2:18:14 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 59108

    Error - 2/18/2013 2:18:15 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/18/2013 2:18:15 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 60107

    Error - 2/18/2013 2:18:15 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 60107

    Error - 2/18/2013 2:18:16 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/18/2013 2:18:16 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 61152

    Error - 2/18/2013 2:18:16 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 61152

    Error - 2/18/2013 2:37:48 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1444 Start Time: 01ce0e06cbbcbff6 Termination Time: 11

    Error - 2/20/2013 11:02:00 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 16f0 Start Time: 01ce0fdfbc807261 Termination Time: 22

    [ Media Center Events ]
    Error - 12/4/2008 4:59:49 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 1/23/2009 4:40:06 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/20/2009 4:48:06 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/19/2009 6:44:32 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 2/20/2013 10:37:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/20/2013 10:37:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/20/2013 10:56:28 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 2/20/2013 10:57:26 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10000
    Description =

    Error - 2/20/2013 11:00:29 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/20/2013 11:00:29 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/20/2013 11:02:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 2/20/2013 11:02:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/20/2013 11:38:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 2/20/2013 11:41:04 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10000
    Description =


    < End of report >
     
  11. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello dst17601,

    You have the Sony-BMG ROOTKIT on your machine. This is an old one and most fixes apply to XP OS's but let's try this on your machine and see if it does the job:

    You may need to right click and run as Administrator.

    Go to the link below and use the Windows disinfector one:

    http://www.sophos.com/support/disinfection/rkprf.html?ClickID=czkxzlzxipliess4zvw7kzzf7kq7qvlalnzi

    Next

    Please run OTL.exe

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
      IE - HKLM\..\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      IE - HKLM\..\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}: "URL" = http://search.yahoo.com/search?p={se...ng}&fr=hp-pvdt
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear...}&sourceid=ie7
      IE - HKCU\..\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      IE - HKCU\..\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}: "URL" = http://search.yahoo.com/search?p={se...ng}&fr=hp-pvdt
      IE - HKCU\..\SearchScopes\{5E431257-AEEF-430C-8453-FAC8297415F1}: "URL" = http://search.conduit.com/ResultsExt...28229741805663
      O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
      O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      [2013/02/16 19:56:29 | 000,000,542 | ---- | M] () -- C:\Users\Owner\Desktop\z7xeuj8r - Shortcut.lnk
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [resethosts]
      [emptytemp]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.
    After that

    Download and run Shortcut Cleaner.

    It will then create a log on your desktop called sc-cleaner.txt and automatically display it.

    Please copy and paste back here.

    When you return please post
    • OTL fix txt
    • sc-cleaner.txt
     
  12. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    OTL Fix
    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09DFB3C9-D563-4D42-AABF-D6796B3B92DC}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FAF579A-33CB-4FAB-9A78-037CB0FF797E}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E431257-AEEF-430C-8453-FAC8297415F1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E431257-AEEF-430C-8453-FAC8297415F1}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
    C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    File C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll not found.
    C:\Users\Owner\Desktop\z7xeuj8r - Shortcut.lnk moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Owner\Desktop\cmd.bat deleted successfully.
    C:\Users\Owner\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Ctx_StreamingSvc
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Isaac and Isaiah
    ->Temp folder emptied: 204477 bytes
    ->Temporary Internet Files folder emptied: 33924 bytes
    ->Java cache emptied: 70959025 bytes
    ->FireFox cache emptied: 30308985 bytes
    ->Apple Safari cache emptied: 16384 bytes
    ->Flash cache emptied: 123924 bytes

    User: New
    ->Temp folder emptied: 33300 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 108153668 bytes
    ->Temporary Internet Files folder emptied: 216199914 bytes
    ->Java cache emptied: 31464349 bytes
    ->Google Chrome cache emptied: 27808741 bytes
    ->Apple Safari cache emptied: 77539328 bytes
    ->Flash cache emptied: 69299 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 104380 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2467110234 bytes

    Total Files Cleaned = 2,890.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02212013_062910
    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PBG0H85V\1090047-conduit-malware-taking-over-google[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O5QT1U9V\rkprf[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C0108L5C\sed[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\temp\redmonNT.log scheduled to be moved on reboot.
    PendingFileRenameOperations files...

    SC Cleaner
    Shortcut Cleaner 1.2.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Shortcut Cleaner can be found at this link:
    http://www.bleepingcomputer.com/download/shortcut-cleaner/
    Program started at: 02/21/2013 06:48:27 AM.
    Searching C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\
    Searching C:\ProgramData\Microsoft\Windows\Start Menu\
    Searching C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
    Searching C:\Users\Public\Desktop\
    Searching C:\Users\Owner\Desktop\

    0 bad shortcuts found.
    Program finished at: 02/21/2013 06:48:33 AM
    Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
     
  13. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Please run a free online scan with the ESET Online Scanner

    Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

    Note: This scan works with Internet Explorer or Mozilla FireFox.

    If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    • Click the green ESET Online Scanner box
    • Tick the box next to YES, I accept the Terms of Use
      then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start
    • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close, make sure you copy the logfile first!
    • Then click on: Finish
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    And tell me how your machine is now. Have the Chrome redirects stopped?
     
  14. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    Hi,
    I ran the online scan overnight and it took about 6 hours. There was no logfile for me to print. The response I got was a message that there were "No Threats Found."

    I just tried to click into Google Chrome. It takes me directy to Yahoo Geneio (not where I want it to go) and I now have two unwanted toolbars as well. The first is something called Trust Loke and the second is Mixidj. I've also noticed that I am getting frequent popups from Yahoo Geneio and also from something called Strong Vault.

    Unfortunately, it sounds like we haven't fixed all of the problems yet! Thanks for your patience and persistence so far. Can we try to go a little further to get this resolved?

    Thanks,
    Doug
     
  15. dst17601

    dst17601 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    22
    Just a quick update before heading off to work. I pulled up the Uninstall program in Windows and it seemed to let me uninstall Geneio. I tried to remove Strongvault and I got a warning from my computer not to proceed unless I trusted the publisher. I don't trust them so I stopped the "un-installation." There is also a listing for InfoAtoms and when I highlight that, I only get an option to "change" not to Uninstall.

    Thought you should know this.

    Thanks,
    Doug
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1090047