Glacial internet connection - possible virus?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bvharris

Thread Starter
Joined
Nov 23, 2011
Messages
9
Greetings! I'd like to say in advance how grateful I am for any help you fine folks can provide. I usually like to think of myself as reasonably self-sufficient computer-wise, but I've realized there's a time to admit when you're stumped and seek out people who know more than you do. :)

Anyway, here's my issue:

This last weekend the internet connection on my desktop (which I built last year with help from a friend) became glacially slow to the point where it was basically unusable. Now, we have a somewhat convoluted network set-up in my apartment because we share our internet connection with the people upstairs, where the wireless router is located. We've definitely had connection issues before, but I've usually been able to solve them, and I'm less certain what's happening to me now is a network issue because my girlfriend can connect fine using her Mac. I'd like to eliminate the virus possibility first (which is a good idea anyway) before I look more at the possibility of a network setup issue. If more details on my network situation are needed, let me know.

About a month ago, well before the current issue popped up, I was infected with a virus. I'm not sure the exact type or nature, but it was one of the ones which manifested itself as fake anti-spyware software. I was running only Microsoft Security Essentials at the time, which couldn't seem to handle it, so I went out and bought Norton (perhaps a panic move, but there you go). I installed Norton about 2 weeks ago, and all seemed fine. It found some stuff on its initial run, but nothing since. Then all of a sudden this weekend I can barely connect to the internet. I've tried running scans in both normal and safe mode, and also downloaded MalwareBytes and tried that (it found some problems Norton hadn't when run in safe mode, but still didn't fix the problem).

When I look at my wireless connection's properties, it seems like it should be working fine, and Windows doesn't see any problem with it, which is what leads me to believe something might be secretly sucking up my bandwidth.

Anyway, I could ramble on all day with more details, but for now I'll just get out of the way and post the requested logs. I'd be more than happy to provide any additional details!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:50:10 AM, on 11/23/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
E:\Program Files (x86)\Steam\Steam.exe
E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
E:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files (x86)\Stardock\Impulse\Impulse.exe
C:\Users\Brett Harris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ts.air.org/Default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S9114.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [HLBackupScheduler] e:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Impulse Now.lnk = E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: OpenOffice.org 3.2.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: forteManager.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Amazon Download Agent - Amazon.com - E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Dragon Age: Origins Updater (DAUpdaterSvc) - BioWare - E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12204 bytes



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Brett Harris at 1:52:49 on 2011-11-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4141 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFCA.EXE
E:\Program Files (x86)\Steam\Steam.exe
E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
E:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://ts.air.org/Default.htm
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S9114.tmp" /EF "HKCU"
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [HLBackupScheduler] e:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - E:\Program Files\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORTEM~1.LNK - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.0.1.15
TCP: Interfaces\{206C268F-E473-4A87-AEDC-8D43A43B0C7D} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213} : DhcpNameServer = 10.0.1.15
TCP: Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213}\23631313B4C696E676C656 : DhcpNameServer = 10.0.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brett Harris\AppData\Roaming\Mozilla\Firefox\Profiles\8rftvxlg.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\Brett Harris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111122.030\IDSviA64.sys [2011-11-22 488568]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Amazon Download Agent;Amazon Download Agent;E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-11-19 401920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 DAUpdaterSvc;Dragon Age: Origins Updater;E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe [2010-11-24 25832]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-13 138760]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [2010-11-17 75040]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe [2010-11-17 210720]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-17 138360]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2010-11-18 14336]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2010-11-18 18432]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-23 06:49:53 -------- d-----w- C:\Users\Brett Harris\AppData\Local\AOL
2011-11-23 06:48:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10116C99-33EC-47AD-B800-DF4954A5C8B5}\offreg.dll
2011-11-22 22:58:51 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10116C99-33EC-47AD-B800-DF4954A5C8B5}\mpengine.dll
2011-11-22 01:25:06 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\Malwarebytes
2011-11-22 01:24:42 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-22 01:24:40 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-22 01:24:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-18 17:44:22 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\Systweak
2011-11-18 17:44:20 18816 ----a-w- C:\Windows\System32\roboot64.exe
2011-11-13 18:24:36 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-11-13 18:20:00 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys
2011-11-13 18:20:00 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys
2011-11-13 18:20:00 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys
2011-11-13 18:20:00 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys
2011-11-13 18:20:00 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys
2011-11-13 18:20:00 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys
2011-11-13 18:20:00 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys
2011-11-13 18:19:56 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A
2011-11-13 18:18:22 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-11-13 18:18:22 -------- d-----w- C:\Program Files\Symantec
2011-11-13 18:18:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-11-13 18:18:03 -------- d-----w- C:\Windows\System32\drivers\NISx64
2011-11-13 18:18:02 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2011-11-13 18:18:01 -------- d-----w- C:\ProgramData\Norton
2011-11-13 18:17:16 -------- d-----w- C:\ProgramData\NortonInstaller
2011-11-13 18:17:16 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-11-13 03:33:23 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
2011-11-09 14:57:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 14:57:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 14:57:41 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 14:57:41 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-08 02:54:07 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\b66ddWK77fL9gXq
2011-11-08 02:54:06 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\pvvSS2iibF3nGaQ
2011-11-08 02:54:03 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\XCCCwkkIVr
2011-11-08 02:54:03 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\qfEELL8gTZqhCwU
2011-11-08 02:54:02 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\m22iibF3pnG5a
2011-11-08 02:54:02 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\c00uucSS2ib3pG4
2011-11-07 22:35:24 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{796209AC-C401-42D3-9417-B63E8281A653}
2011-11-07 22:35:03 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{9EA32EA1-4E37-4FDA-9A14-A95090B56E5A}
2011-10-28 05:38:55 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{D2CED57B-8CD8-44BD-B9E2-C3E6E29A63AD}
2011-10-28 05:38:32 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{6CBC4671-0367-49F1-8F55-83510D063BAF}
2011-10-28 05:21:21 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{1A323A03-ED8A-4E86-AE22-6482C3EF3C58}
2011-10-28 05:20:57 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{E53F5482-8849-47AD-8238-095E5693FC8D}
2011-10-26 07:15:03 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 07:15:02 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-11-13 02:50:13 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
2011-10-28 05:23:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 1:53:13.22 ===============
 

Attachments

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,330
I'm not trained and authorized to assist you with the DDS log, but I did notice one obvious issue. You have 2 antivirus programs installed and running at the same time. They will fight each other and bog down a computer and cause various problems. One of them needs to go.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

You'll need to wait for a gold/blue shield expert to assist you.

---------------------------------------------------------
 

bvharris

Thread Starter
Joined
Nov 23, 2011
Messages
9
Thanks! I actually haven't been running both regularly, I think they are set to both run on start-up though, which is when I ran the scan. I've tried running each alone (and neither, in safe mode), and that didn't seem to make a difference. I'll give it another try though (and make sure I get rid of one in the long run).
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Hiya bvharris,

I second what you`ve already been advised by flavallee, two AV programs is a definite NO. I`d remove MSE as Norton IS is paid for.

Go Here scroll to Microsoft Security Essentials read the info, use the tool.

Next,

There are remnants from a previous infection, do the following:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Files
    ipconfig /flushdns /c
    C:\Users\Brett Harris\AppData\Roaming\b66ddWK77fL9gXq
    C:\Users\Brett Harris\AppData\Roaming\pvvSS2iibF3nGaQ
    C:\Users\Brett Harris\AppData\Roaming\XCCCwkkIVr
    C:\Users\Brett Harris\AppData\Roaming\qfEELL8gTZqhCwU
    C:\Users\Brett Harris\AppData\Roaming\m22iibF3pnG5a
    C:\Users\Brett Harris\AppData\Roaming\c00uucSS2ib3pG4

    :Commands
    [EmptyTemp]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red
    button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see the log from OTM, also post fresh set DDS logs and give update on issues/concerns....

Kevin
 

bvharris

Thread Starter
Joined
Nov 23, 2011
Messages
9
Thanks Kevin, I'll do all that when I get home from work and post the updated logs. I really appreciate the quick response!
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
OK, anytime you`re ready. I`m in the UK so will only be online maybe 2 more hours, been a long day for me.....
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,330
It's all yours, Kevin. :)

It should be after 9:00 P.M. there now. ;)

---------------------------------------------------------
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Yep 9:15 PM, promised myself an early night, no later than 11 PM. Had too many late ones recently, starting to catch up...
 

bvharris

Thread Starter
Joined
Nov 23, 2011
Messages
9
Thanks again! I really appreciate the help, please don't stay up any later than you normally would on my account.

I uninstalled MSE for now, just to have only one AV program running, though I may re-evaluate that later.

I ran the OTM program as you advised, the results are below along with a fresh DDS log.

Nothing new to report in terms of functionality on the PC, it's just as bad as it's been. In fact, after running that tool the PC itself actually seems a bit more sluggish (poor mouse responsiveness, for example), though that may just be perception after a day on my working-just-fine work PC.

One other thing I forgot to mention earlier, and may well be nothing. When I open up the taskmanager I see 3 processes running which have no user or description: csrss.exe, atieclxx.exe, and winlogon.exe. I know that these are all normal windows processes, but my haphazard googling also informed me that sometimes viruses masquerade as these files. When I right click them and select "Open File Location" there is no response, which does raise an eyebrow. Not sure if I'm just looking for problems wherever I can find them, but I wanted to mention it.


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brett Harris\Desktop\cmd.bat deleted successfully.
C:\Users\Brett Harris\Desktop\cmd.txt deleted successfully.
C:\Users\Brett Harris\AppData\Roaming\b66ddWK77fL9gXq folder moved successfully.
C:\Users\Brett Harris\AppData\Roaming\pvvSS2iibF3nGaQ folder moved successfully.
C:\Users\Brett Harris\AppData\Roaming\XCCCwkkIVr folder moved successfully.
C:\Users\Brett Harris\AppData\Roaming\qfEELL8gTZqhCwU folder moved successfully.
C:\Users\Brett Harris\AppData\Roaming\m22iibF3pnG5a folder moved successfully.
C:\Users\Brett Harris\AppData\Roaming\c00uucSS2ib3pG4 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brett Harris
->Temp folder emptied: 219375535 bytes
->Temporary Internet Files folder emptied: 109898789 bytes
->Java cache emptied: 185154 bytes
->FireFox cache emptied: 67621728 bytes
->Flash cache emptied: 270491 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 162504184 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 11784214 bytes

Total Files Cleaned = 545.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11232011_163841

Files moved on Reboot...
C:\Users\Brett Harris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Brett Harris at 16:45:52 on 2011-11-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4293 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
E:\Program Files (x86)\Steam\Steam.exe
E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Program Files\OpenOffice.org 3\program\soffice.exe
E:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://ts.air.org/Default.htm
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S9114.tmp" /EF "HKCU"
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [HLBackupScheduler] e:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - E:\Program Files\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORTEM~1.LNK - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{206C268F-E473-4A87-AEDC-8D43A43B0C7D} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213}\841627279637F545F6C626562747 : DhcpNameServer = 10.0.1.15
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brett Harris\AppData\Roaming\Mozilla\Firefox\Profiles\8rftvxlg.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\Brett Harris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111122.030\IDSviA64.sys [2011-11-22 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Amazon Download Agent;Amazon Download Agent;E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-11-19 401920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 DAUpdaterSvc;Dragon Age: Origins Updater;E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe [2010-11-24 25832]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-13 138760]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [2010-11-17 75040]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe [2010-11-17 210720]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-17 138360]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2010-11-18 14336]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2010-11-18 18432]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-23 21:38:41 -------- d-----w- C:\_OTM
2011-11-23 21:37:25 442 ----a-w- C:\FixitRegBackup.reg
2011-11-23 06:49:53 -------- d-----w- C:\Users\Brett Harris\AppData\Local\AOL
2011-11-22 01:25:06 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\Malwarebytes
2011-11-22 01:24:42 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-22 01:24:40 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-22 01:24:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-18 17:44:22 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\Systweak
2011-11-18 17:44:20 18816 ----a-w- C:\Windows\System32\roboot64.exe
2011-11-13 18:24:36 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-11-13 18:20:00 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys
2011-11-13 18:20:00 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys
2011-11-13 18:20:00 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys
2011-11-13 18:20:00 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys
2011-11-13 18:20:00 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys
2011-11-13 18:20:00 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys
2011-11-13 18:20:00 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys
2011-11-13 18:19:56 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A
2011-11-13 18:18:22 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-11-13 18:18:22 -------- d-----w- C:\Program Files\Symantec
2011-11-13 18:18:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-11-13 18:18:03 -------- d-----w- C:\Windows\System32\drivers\NISx64
2011-11-13 18:18:02 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2011-11-13 18:18:01 -------- d-----w- C:\ProgramData\Norton
2011-11-13 18:17:16 -------- d-----w- C:\ProgramData\NortonInstaller
2011-11-13 18:17:16 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-11-09 14:57:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 14:57:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 14:57:41 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 14:57:41 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-07 22:35:24 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{796209AC-C401-42D3-9417-B63E8281A653}
2011-11-07 22:35:03 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{9EA32EA1-4E37-4FDA-9A14-A95090B56E5A}
2011-10-28 05:38:55 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{D2CED57B-8CD8-44BD-B9E2-C3E6E29A63AD}
2011-10-28 05:38:32 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{6CBC4671-0367-49F1-8F55-83510D063BAF}
2011-10-28 05:21:21 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{1A323A03-ED8A-4E86-AE22-6482C3EF3C58}
2011-10-28 05:20:57 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{E53F5482-8849-47AD-8238-095E5693FC8D}
2011-10-26 07:15:03 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 07:15:02 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-11-13 02:50:13 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
2011-10-28 05:23:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 16:46:11.78 ===============
 

Attachments

bvharris

Thread Starter
Joined
Nov 23, 2011
Messages
9
The following is the setting for the start page shown by Internet Explorer, do you know what it is did you set this up

uStart Page = https://ts.air.org/Default.htm
It's the login page for the terminal services program to remote into my work PC. I pretty much only use IE for that and to connect to my wireless router's admin gateway. Firefox is my primary browser.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Ok, never seen that start page before. Not seeing a great deal wrong up to now. OK do the following please:

Step 1

Download aswMBR from Here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below



    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
  • Once the scan finishes click Save log to save the log to your Desktop.


  • Copy and paste the contents of aswMBR.txt back here for review
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Step 2

Download
OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4
  • Double click on the icon
    to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:

    Code:
    [B]netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs[/B]
  • Click the
    button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Let me see the following in your reply :-
  • aswMBR log
  • OTL scan log
  • Extras log
  • Attach the MBR.zip file
 

bvharris

Thread Starter
Joined
Nov 23, 2011
Messages
9
Here you go:


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-23 18:03:18
-----------------------------
18:03:18.104 OS Version: Windows x64 6.1.7600
18:03:18.104 Number of processors: 8 586 0x1A05
18:03:18.104 ComputerName: BRETTHARRIS-PC UserName: Brett Harris
18:03:18.361 Initialize success
18:03:38.919 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:03:38.921 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
18:03:38.924 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port5Path0Target0Lun0
18:03:38.926 Disk 1 Vendor: C300-CTF 0002 Size: 61057MB BusType: 11
18:03:38.929 Device \Driver\mv91xx -> DriverStartIo SCSIPORT.SYS fffff88000c04bc0
18:03:40.932 Disk 1 MBR read successfully
18:03:40.935 Disk 1 MBR scan
18:03:40.938 Disk 1 Windows 7 default MBR code
18:03:40.942 Service scanning
18:03:42.542 Modules scanning
18:03:42.546 Disk 1 trace - called modules:
18:03:42.552 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys
18:03:42.556 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006b50060]
18:03:42.560 3 CLASSPNP.SYS[fffff88001b9543f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port5Path0Target0Lun0[0xfffffa800632b050]
18:03:42.890 Scan finished successfully
18:03:48.213 Disk 1 MBR has been saved successfully to "C:\Users\Brett Harris\Desktop\MBR.dat"
18:03:48.219 The log file has been saved successfully to "C:\Users\Brett Harris\Desktop\aswMBR.txt"


OTL logfile created on: 11/23/2011 6:06:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brett Harris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.94 Gb Available Physical Memory | 65.78% Memory free
11.98 Gb Paging File | 9.74 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 15.67 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 322.94 Gb Free Space | 69.34% Space Free | Partition Type: NTFS

Computer Name: BRETTHARRIS-PC | User Name: Brett Harris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 18:00:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTL.exe
PRC - [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2011/11/18 12:54:45 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2011/10/13 09:31:58 | 002,042,088 | ---- | M] (GameStop Corp.) -- E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/05/05 09:11:36 | 004,950,664 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- E:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- E:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/04/24 17:01:24 | 001,683,456 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
PRC - [2009/03/30 17:13:52 | 001,828,128 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2008/04/17 03:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/17 03:31:54 | 000,169,256 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 12:54:46 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll
MOD - [2011/10/28 00:23:15 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/05 09:11:36 | 004,950,664 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2011/05/05 09:11:12 | 000,100,352 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2011/05/05 09:11:10 | 000,684,032 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2011/05/05 09:11:10 | 000,466,975 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2011/03/15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- E:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/10/23 12:31:44 | 000,038,912 | ---- | M] () -- E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/04/24 17:01:24 | 001,683,456 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
MOD - [2009/04/24 16:03:28 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\MonitorEngRes.dll
MOD - [2009/04/24 16:03:22 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ApplicationManager.dll
MOD - [2009/04/24 16:03:14 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ACRHook.dll
MOD - [2009/04/24 16:03:14 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ProtocolEngine.dll
MOD - [2009/04/24 16:03:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\DeviceManager.dll
MOD - [2009/04/24 16:03:10 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ErrorHandler.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/27 02:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/12 21:13:32 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 13:07:17 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/05 10:23:56 | 000,210,720 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe -- (RalinkRegistryWriter64)
SRV - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/04/17 03:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/13 13:18:22 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/26 19:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/08 18:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 21:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 21:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/07/25 21:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 21:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 02:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/16 05:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/04/07 03:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2010/03/08 13:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2010/03/08 13:03:54 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys -- (HtcUsbMdmV64)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/12/25 02:05:40 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/11/23 17:03:59 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111123.003\ex64.sys -- (NAVEX15)
DRV - [2011/11/23 17:03:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111123.003\eng64.sys -- (NAVENG)
DRV - [2011/11/17 02:55:04 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/14 14:28:01 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111114.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/13 13:20:07 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/11 16:47:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111122.030\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/05/25 15:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)
DRV - [2009/04/24 16:03:10 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2009/04/24 16:03:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ts.air.org/Default.htm
IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 55 D2 5D A3 8E CB 01 [binary data]
IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brett Harris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/11/13 13:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2011/11/23 16:40:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/22 15:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/22 15:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/11/18 12:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins

[2010/11/17 18:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett Harris\AppData\Roaming\Mozilla\Extensions
[2011/10/31 18:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett Harris\AppData\Roaming\Mozilla\Firefox\Profiles\8rftvxlg.default\extensions
[2010/11/18 22:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/18 19:55:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/18 22:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\BRETT HARRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8RFTVXLG.DEFAULT\EXTENSIONS\[email protected]
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-47448684-2351438465-426522871-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-47448684-2351438465-426522871-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-47448684-2351438465-426522871-1000..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S9114.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-47448684-2351438465-426522871-1000..\Run: [HLBackupScheduler] e:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-47448684-2351438465-426522871-1000..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Brett Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Brett Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O4 - Startup: C:\Users\Brett Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-47448684-2351438465-426522871-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{206C268F-E473-4A87-AEDC-8D43A43B0C7D}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-47448684-2351438465-426522871-1000 Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{330360ed-16b7-11e0-b79c-20cf30543827}\Shell - "" = AutoRun
O33 - MountPoints2\{330360ed-16b7-11e0-b79c-20cf30543827}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{4770ac5e-f2aa-11df-9c03-20cf30543827}\Shell - "" = AutoRun
O33 - MountPoints2\{4770ac5e-f2aa-11df-9c03-20cf30543827}\Shell\AutoRun\command - "" = F:\launcher.exe
O33 - MountPoints2\{cd043b33-a2e9-11e0-89e8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{cd043b33-a2e9-11e0-89e8-00038a000015}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{ea1f224d-814d-11e0-bd5e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ea1f224d-814d-11e0-bd5e-00038a000015}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{ea1f2490-814d-11e0-bd5e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ea1f2490-814d-11e0-bd5e-00038a000015}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 18:01:57 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Brett Harris\Desktop\aswMBR.exe
[2011/11/23 18:00:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTL.exe
[2011/11/23 16:38:41 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/23 16:38:01 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTM.exe
[2011/11/23 01:49:53 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\AOL
[2011/11/23 01:39:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brett Harris\Desktop\dds.com
[2011/11/23 01:37:56 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brett Harris\Desktop\HijackThis.exe
[2011/11/21 20:25:06 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Roaming\Malwarebytes
[2011/11/21 20:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/21 20:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/21 20:24:40 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/21 20:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/18 12:44:22 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Roaming\Systweak
[2011/11/18 12:44:20 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2011/11/13 13:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/11/13 13:20:00 | 001,084,024 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys
[2011/11/13 13:20:00 | 000,729,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys
[2011/11/13 13:20:00 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys
[2011/11/13 13:20:00 | 000,401,016 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys
[2011/11/13 13:20:00 | 000,189,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys
[2011/11/13 13:20:00 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys
[2011/11/13 13:20:00 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys
[2011/11/13 13:19:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A
[2011/11/13 13:18:45 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\Documents\Symantec
[2011/11/13 13:18:22 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/11/13 13:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/11/13 13:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/11/13 13:18:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011/11/13 13:18:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/11/13 13:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011/11/13 13:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/13 13:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/13 13:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/11/07 17:35:24 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{796209AC-C401-42D3-9417-B63E8281A653}
[2011/11/07 17:35:03 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{9EA32EA1-4E37-4FDA-9A14-A95090B56E5A}
[2011/10/28 00:38:55 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{D2CED57B-8CD8-44BD-B9E2-C3E6E29A63AD}
[2011/10/28 00:38:32 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{6CBC4671-0367-49F1-8F55-83510D063BAF}
[2011/10/28 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{1A323A03-ED8A-4E86-AE22-6482C3EF3C58}
[2011/10/28 00:20:57 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{E53F5482-8849-47AD-8238-095E5693FC8D}
[2011/10/25 20:05:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

========== Files - Modified Within 30 Days ==========

[2011/11/23 18:05:05 | 000,000,143 | ---- | M] () -- C:\Users\Brett Harris\AppData\Roaming\default.rss
[2011/11/23 18:04:44 | 000,000,543 | ---- | M] () -- C:\Users\Brett Harris\Desktop\MBR.zip
[2011/11/23 18:03:48 | 000,000,512 | ---- | M] () -- C:\Users\Brett Harris\Desktop\MBR.dat
[2011/11/23 18:02:59 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Brett Harris\Desktop\aswMBR.exe
[2011/11/23 18:00:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTL.exe
[2011/11/23 16:47:12 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 16:47:12 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 16:44:40 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/23 16:44:40 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/23 16:44:40 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/23 16:40:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/23 16:40:06 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 16:37:53 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTM.exe
[2011/11/23 16:37:25 | 000,000,442 | ---- | M] () -- C:\FixitRegBackup.reg
[2011/11/23 16:36:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/23 01:46:46 | 000,000,006 | ---- | M] () -- C:\Windows\msoffice.ini
[2011/11/23 01:39:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brett Harris\Desktop\dds.com
[2011/11/23 01:37:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brett Harris\Desktop\HijackThis.exe
[2011/11/21 20:24:42 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 11:03:30 | 000,205,093 | ---- | M] () -- C:\Users\Brett Harris\Documents\Romance_Of_The_Three_Kingdoms_Xi_NTSC_Custom-cdcovers_cc-front.jpg
[2011/11/13 13:22:11 | 000,002,510 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/11/13 13:22:05 | 001,840,943 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB
[2011/11/13 13:20:08 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023
[2011/11/13 13:18:22 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/11/13 13:18:22 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/11/13 13:18:22 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/11/12 22:36:14 | 000,003,616 | -H-- | M] () -- C:\IPH.PH
[2011/11/12 21:50:13 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Windows\SysWow64\AOLParconLink.exe
[2011/11/10 03:18:00 | 000,433,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/03 19:43:43 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini
[2011/11/02 19:08:48 | 000,007,502 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat
[2011/10/28 00:23:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/11/23 18:04:44 | 000,000,543 | ---- | C] () -- C:\Users\Brett Harris\Desktop\MBR.zip
[2011/11/23 18:03:48 | 000,000,512 | ---- | C] () -- C:\Users\Brett Harris\Desktop\MBR.dat
[2011/11/23 16:37:25 | 000,000,442 | ---- | C] () -- C:\FixitRegBackup.reg
[2011/11/21 20:24:42 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 11:03:29 | 000,205,093 | ---- | C] () -- C:\Users\Brett Harris\Documents\Romance_Of_The_Three_Kingdoms_Xi_NTSC_Custom-cdcovers_cc-front.jpg
[2011/11/13 13:21:59 | 001,840,943 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB
[2011/11/13 13:20:24 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023
[2011/11/13 13:20:00 | 000,007,510 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat
[2011/11/13 13:20:00 | 000,007,504 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat
[2011/11/13 13:20:00 | 000,007,502 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat
[2011/11/13 13:20:00 | 000,007,500 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat
[2011/11/13 13:20:00 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat
[2011/11/13 13:20:00 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.cat
[2011/11/13 13:20:00 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat
[2011/11/13 13:20:00 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf
[2011/11/13 13:20:00 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds.inf
[2011/11/13 13:20:00 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf
[2011/11/13 13:20:00 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf
[2011/11/13 13:20:00 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf
[2011/11/13 13:20:00 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf
[2011/11/13 13:20:00 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.inf
[2011/11/13 13:19:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini
[2011/11/13 13:18:22 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/11/13 13:18:22 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/11/13 13:18:21 | 000,002,510 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/11/12 21:41:18 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/06/29 22:49:21 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/06/29 22:49:21 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/06/29 22:49:21 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/06/29 22:49:21 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/06/29 22:49:21 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/06/29 22:49:21 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/06/29 22:49:21 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/06/29 22:49:21 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/06/29 22:49:21 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/06/29 22:49:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/06/29 22:49:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/06/29 22:49:21 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/06/29 22:49:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/06/29 22:49:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/06/29 22:49:21 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/06/29 22:49:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/05/22 15:07:51 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/12 15:37:59 | 000,000,143 | ---- | C] () -- C:\Users\Brett Harris\AppData\Roaming\default.rss
[2011/01/27 16:33:01 | 000,776,490 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/14 18:44:00 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/17 18:28:17 | 000,013,650 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/11/17 18:01:04 | 000,037,035 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/11/17 18:00:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/17 18:00:22 | 000,026,791 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/17 17:58:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/02/04 22:57:42 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\acccore
[2011/08/16 15:53:54 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Amazon
[2011/10/28 00:21:36 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\c1ibD3onGaHsJfL
[2011/10/23 09:11:41 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\CONtxA0uc2b3n4Q
[2011/11/23 16:40:55 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Dropbox
[2011/08/18 07:31:35 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\EPSON
[2011/06/16 19:59:55 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\gtk-2.0
[2011/10/23 09:12:04 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\H9hYXwjUVlBzNc1
[2011/10/23 09:08:40 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\k11uvSSobFpGaJd
[2011/10/23 09:08:40 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\lUCeeIIrzPNx
[2010/11/18 20:01:39 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Notepad++
[2010/11/18 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\OpenOffice.org
[2011/10/23 09:11:59 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\OVelIBtzPyAuDoF
[2011/10/23 09:11:37 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\RIVrlONtx0c
[2010/11/27 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\runic games
[2010/11/24 18:02:56 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Stardock
[2011/11/18 12:51:05 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Systweak
[2011/10/23 09:11:51 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\tL9gTZqjYwIrO
[2011/10/23 09:11:49 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\UdEK8gRZ9Yw
[2011/10/23 09:08:32 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\UH6sWK7fE9TqYw
[2011/10/23 09:11:56 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\UQH6dWK7fLg
[2011/10/23 09:12:07 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\wNtxP0ucSiDoG
[2011/10/23 09:08:36 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\xGG5aQQ6dW8fLhX
[2011/10/23 09:11:44 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\XvD2obF4pG
[2009/07/14 00:08:49 | 000,032,750 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /HideShortcuts [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /ShowShortcuts [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe" -preferences [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe" -safe-mode [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\FIREFOX.EXE [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\FIREFOX.EXE" -PREFERENCES [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\FIREFOX.EXE" -SAFE-MODE [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >



OTL Extras logfile created on: 11/23/2011 6:06:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brett Harris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.94 Gb Available Physical Memory | 65.78% Memory free
11.98 Gb Paging File | 9.74 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 15.67 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 322.94 Gb Free Space | 69.34% Space Free | Partition Type: NTFS

Computer Name: BRETTHARRIS-PC | User Name: Brett Harris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{056E5A6F-BEF6-4094-8724-D45F0F564312}" = Microsoft SQL Server 2008 Setup Support Files
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{AE0D971F-5430-8874-B09E-3F1C76E2F8FF}" = WMV9/VC-1 Video Playback
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{CC7D4CC8-FE90-17E2-FAC6-3D14C93DCE09}" = AMD Drag and Drop Transcoding
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D29E5E5F-47CA-087E-DCBF-FB75171D5B2E}" = ccc-utility64
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"PROSetDX" = Intel(R) Network Connections 15.3.68.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{135F49F2-9071-F45A-4263-DF7D42FBF7DD}" = CCC Help English
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{304377FD-A237-476D-8F21-14B1C5C3B520}" = Dragon Age DLC Service
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3F66C4BF-4BD9-FF9C-FA9F-4579F60A33B3}" = Catalyst Control Center Graphics Previews Vista
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4220E523-EDE1-449F-83F5-8267D20E1ED0}" = Maxtor Manager
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D44D635-6EDA-4FA5-AB9B-23CF73DA58EA}" = Nero Express OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A914AE85-1A36-0575-714C-BF996BDA20C7}" = ccc-core-static
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DB8B49A9-7CF1-34DB-6DF2-1EC41C0FE5E1}" = Catalyst Control Center Graphics Previews Common
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{fa66ce34-782c-4177-91bb-f4ef0009f95c}" = Nero 9 Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Dragon Age DLC Service" = Dragon Age DLC Service
"Dragon Age Origins - Ultimate Edition" = Dragon Age Origins - Ultimate Edition
"EA Installer.-286143439" = EA Installer
"EA Installer.922951512" = EA Installer
"EADM" = EA Download Manager
"EPSON Scanner" = EPSON Scan
"FastStone Capture" = FastStone Capture 6.7
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HTC_WModemDriver" = WModem Driver Installer
"Impulse" = Impulse
"InstallShield_{4220E523-EDE1-449F-83F5-8267D20E1ED0}" = Maxtor Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Master of Orion" = Master of Orion
"Master of Orion II" = Master of Orion II
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Firefox 9.0 (x86 en-US)" = Mozilla Firefox 9.0 (x86 en-US)
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 107300" = Breath of Death VII
"Steam App 107310" = Cthulhu Saves the World
"Steam App 19900" = Far Cry 2
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 23490" = Tropico 3 - Steam Special Edition
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 31290" = Back to the Future: Episode 1
"Steam App 3910" = Sid Meier's Civilization III: Complete
"Steam App 620" = Portal 2
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 94500" = Back to the Future: Ep 2 - Get Tannen!
"Steam App 94510" = Back to the Future: Ep 3 - Citizen Brown
"Steam App 9900" = Star Trek Online
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2011 1:30:20 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/18/2011 2:25:35 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/19/2011 1:30:23 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/20/2011 1:34:29 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/20/2011 8:00:00 PM | Computer Name = BrettHarris-PC | Source = Windows Backup | ID = 4103
Description =

Error - 11/21/2011 1:04:36 AM | Computer Name = BrettHarris-PC | Source = Application Hang | ID = 1002
Description = The program waol.exe version 9.6.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: fa0 Start Time:
01cca7ed258be220 Termination Time: 11 Application Path: E:\Program Files (x86)\AOL
Desktop 9.6\waol.exe Report Id:

Error - 11/21/2011 1:48:31 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/22/2011 1:41:41 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/23/2011 1:30:40 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/23/2011 5:29:13 PM | Computer Name = BrettHarris-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
on a computer running in safe mode. Your computer is currently running in safe
mode. To install Security Essentials, your computer must be running in normal mode.
Please restart your computer in normal mode, and then try to run the Security Essentials
Setup Wizard again. Error code:0x8004FF11.

[ System Events ]
Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/23/2011 5:32:03 PM | Computer Name = BrettHarris-PC | Source = DCOM | ID = 10005
Description =

Error - 11/23/2011 5:32:07 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/23/2011 5:32:07 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/23/2011 5:32:07 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/23/2011 5:38:41 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7034
Description = The Amazon Download Agent service terminated unexpectedly. It has
done this 1 time(s).


< End of report >
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Re-Run
by double left click, Vista and Widows 7 users right click and select Run as Administrator.
  • Under the
    box at the bottom, paste in the following

    Code:
    :OTL
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    :Files
    C:\Users\Brett Harris\AppData\Roaming\c1ibD3onGaHsJfL
    C:\Users\Brett Harris\AppData\Roaming\CONtxA0uc2b3n4Q
    C:\Users\Brett Harris\AppData\Roaming\H9hYXwjUVlBzNc1
    C:\Users\Brett Harris\AppData\Roaming\k11uvSSobFpGaJd
    C:\Users\Brett Harris\AppData\Roaming\lUCeeIIrzPNx
    C:\Users\Brett Harris\AppData\Roaming\OVelIBtzPyAuDoF
    C:\Users\Brett Harris\AppData\Roaming\RIVrlONtx0c
    C:\Users\Brett Harris\AppData\Roaming\tL9gTZqjYwIrO
    C:\Users\Brett Harris\AppData\Roaming\UdEK8gRZ9Yw
    C:\Users\Brett Harris\AppData\Roaming\UH6sWK7fE9TqYw
    C:\Users\Brett Harris\AppData\Roaming\UQH6dWK7fLg
    C:\Users\Brett Harris\AppData\Roaming\wNtxP0ucSiDoG
    C:\Users\Brett Harris\AppData\Roaming\xGG5aQQ6dW8fLhX
    C:\Users\Brett Harris\AppData\Roaming\XvD2obF4pG
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click
    button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Next,

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the
    button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on
    to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
  • Check
  • Click the
    button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the
    button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Post those two logs....

Kevin
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top