1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Glacial internet connection - possible virus?

Discussion in 'Virus & Other Malware Removal' started by bvharris, Nov 23, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. bvharris

    bvharris Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    9
    Greetings! I'd like to say in advance how grateful I am for any help you fine folks can provide. I usually like to think of myself as reasonably self-sufficient computer-wise, but I've realized there's a time to admit when you're stumped and seek out people who know more than you do. :)

    Anyway, here's my issue:

    This last weekend the internet connection on my desktop (which I built last year with help from a friend) became glacially slow to the point where it was basically unusable. Now, we have a somewhat convoluted network set-up in my apartment because we share our internet connection with the people upstairs, where the wireless router is located. We've definitely had connection issues before, but I've usually been able to solve them, and I'm less certain what's happening to me now is a network issue because my girlfriend can connect fine using her Mac. I'd like to eliminate the virus possibility first (which is a good idea anyway) before I look more at the possibility of a network setup issue. If more details on my network situation are needed, let me know.

    About a month ago, well before the current issue popped up, I was infected with a virus. I'm not sure the exact type or nature, but it was one of the ones which manifested itself as fake anti-spyware software. I was running only Microsoft Security Essentials at the time, which couldn't seem to handle it, so I went out and bought Norton (perhaps a panic move, but there you go). I installed Norton about 2 weeks ago, and all seemed fine. It found some stuff on its initial run, but nothing since. Then all of a sudden this weekend I can barely connect to the internet. I've tried running scans in both normal and safe mode, and also downloaded MalwareBytes and tried that (it found some problems Norton hadn't when run in safe mode, but still didn't fix the problem).

    When I look at my wireless connection's properties, it seems like it should be working fine, and Windows doesn't see any problem with it, which is what leads me to believe something might be secretly sucking up my bandwidth.

    Anyway, I could ramble on all day with more details, but for now I'll just get out of the way and post the requested logs. I'd be more than happy to provide any additional details!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:50:10 AM, on 11/23/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16869)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    E:\Program Files (x86)\Steam\Steam.exe
    E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
    C:\Program Files (x86)\Ralink\Common\RaUI.exe
    C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    E:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    E:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    E:\Program Files (x86)\Stardock\Impulse\Impulse.exe
    C:\Users\Brett Harris\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ts.air.org/Default.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S9114.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [HLBackupScheduler] e:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Impulse Now.lnk = E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    O4 - Startup: OpenOffice.org 3.2.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: forteManager.lnk = ?
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Amazon Download Agent - Amazon.com - E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Dragon Age: Origins Updater (DAUpdaterSvc) - BioWare - E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12204 bytes



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Run by Brett Harris at 1:52:49 on 2011-11-23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4141 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
    C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\System32\spool\drivers\x64\3\E_IATIFCA.EXE
    E:\Program Files (x86)\Steam\Steam.exe
    E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
    C:\Program Files (x86)\Ralink\Common\RaUI.exe
    C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    E:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    E:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://ts.air.org/Default.htm
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    uRun: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S9114.tmp" /EF "HKCU"
    uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [HLBackupScheduler] e:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - E:\Program Files\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORTEM~1.LNK - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 10.0.1.15
    TCP: Interfaces\{206C268F-E473-4A87-AEDC-8D43A43B0C7D} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213} : DhcpNameServer = 10.0.1.15
    TCP: Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213}\23631313B4C696E676C656 : DhcpNameServer = 10.0.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun-x64: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
    mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brett Harris\AppData\Roaming\Mozilla\Firefox\Profiles\8rftvxlg.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: C:\Users\Brett Harris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111122.030\IDSviA64.sys [2011-11-22 488568]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 Amazon Download Agent;Amazon Download Agent;E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-11-19 401920]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    R2 DAUpdaterSvc;Dragon Age: Origins Updater;E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe [2010-11-24 25832]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-13 138760]
    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [2010-11-17 75040]
    R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe [2010-11-17 210720]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-17 138360]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
    S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
    S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2010-11-18 14336]
    S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2010-11-18 18432]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-23 06:49:53 -------- d-----w- C:\Users\Brett Harris\AppData\Local\AOL
    2011-11-23 06:48:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10116C99-33EC-47AD-B800-DF4954A5C8B5}\offreg.dll
    2011-11-22 22:58:51 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10116C99-33EC-47AD-B800-DF4954A5C8B5}\mpengine.dll
    2011-11-22 01:25:06 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\Malwarebytes
    2011-11-22 01:24:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-22 01:24:40 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-11-22 01:24:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-18 17:44:22 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\Systweak
    2011-11-18 17:44:20 18816 ----a-w- C:\Windows\System32\roboot64.exe
    2011-11-13 18:24:36 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-11-13 18:20:00 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys
    2011-11-13 18:20:00 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys
    2011-11-13 18:20:00 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys
    2011-11-13 18:20:00 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys
    2011-11-13 18:20:00 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys
    2011-11-13 18:20:00 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys
    2011-11-13 18:20:00 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys
    2011-11-13 18:19:56 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A
    2011-11-13 18:18:22 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-11-13 18:18:22 -------- d-----w- C:\Program Files\Symantec
    2011-11-13 18:18:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-11-13 18:18:03 -------- d-----w- C:\Windows\System32\drivers\NISx64
    2011-11-13 18:18:02 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
    2011-11-13 18:18:01 -------- d-----w- C:\ProgramData\Norton
    2011-11-13 18:17:16 -------- d-----w- C:\ProgramData\NortonInstaller
    2011-11-13 18:17:16 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2011-11-13 03:33:23 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
    2011-11-09 14:57:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 14:57:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 14:57:41 3141120 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-09 14:57:41 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-08 02:54:07 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\b66ddWK77fL9gXq
    2011-11-08 02:54:06 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\pvvSS2iibF3nGaQ
    2011-11-08 02:54:03 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\XCCCwkkIVr
    2011-11-08 02:54:03 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\qfEELL8gTZqhCwU
    2011-11-08 02:54:02 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\m22iibF3pnG5a
    2011-11-08 02:54:02 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\c00uucSS2ib3pG4
    2011-11-07 22:35:24 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{796209AC-C401-42D3-9417-B63E8281A653}
    2011-11-07 22:35:03 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{9EA32EA1-4E37-4FDA-9A14-A95090B56E5A}
    2011-10-28 05:38:55 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{D2CED57B-8CD8-44BD-B9E2-C3E6E29A63AD}
    2011-10-28 05:38:32 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{6CBC4671-0367-49F1-8F55-83510D063BAF}
    2011-10-28 05:21:21 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{1A323A03-ED8A-4E86-AE22-6482C3EF3C58}
    2011-10-28 05:20:57 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{E53F5482-8849-47AD-8238-095E5693FC8D}
    2011-10-26 07:15:03 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2011-10-26 07:15:02 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    .
    ==================== Find3M ====================
    .
    2011-11-13 02:50:13 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
    2011-10-28 05:23:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 1:53:13.22 ===============
     

    Attached Files:

  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,955
    First Name:
    Frank
    I'm not trained and authorized to assist you with the DDS log, but I did notice one obvious issue. You have 2 antivirus programs installed and running at the same time. They will fight each other and bog down a computer and cause various problems. One of them needs to go.

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    You'll need to wait for a gold/blue shield expert to assist you.

    ---------------------------------------------------------
     
  3. bvharris

    bvharris Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    9
    Thanks! I actually haven't been running both regularly, I think they are set to both run on start-up though, which is when I ran the scan. I've tried running each alone (and neither, in safe mode), and that didn't seem to make a difference. I'll give it another try though (and make sure I get rid of one in the long run).
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya bvharris,

    I second what you`ve already been advised by flavallee, two AV programs is a definite NO. I`d remove MSE as Norton IS is paid for.

    Go Here scroll to Microsoft Security Essentials read the info, use the tool.

    Next,

    There are remnants from a previous infection, do the following:

    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Files
      ipconfig /flushdns /c
      C:\Users\Brett Harris\AppData\Roaming\b66ddWK77fL9gXq
      C:\Users\Brett Harris\AppData\Roaming\pvvSS2iibF3nGaQ
      C:\Users\Brett Harris\AppData\Roaming\XCCCwkkIVr
      C:\Users\Brett Harris\AppData\Roaming\qfEELL8gTZqhCwU
      C:\Users\Brett Harris\AppData\Roaming\m22iibF3pnG5a
      C:\Users\Brett Harris\AppData\Roaming\c00uucSS2ib3pG4

      :Commands
      [EmptyTemp]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Let me see the log from OTM, also post fresh set DDS logs and give update on issues/concerns....

    Kevin
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,955
    First Name:
    Frank
    Personally, I would get rid of NIS and keep MSE, but it's your choice.

    If you do get rid of NIS, make sure to download and run its removal tool afterwards so it can get rid of the leftover file and registry debris.

    http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    -----------------------------------------------
     
  6. bvharris

    bvharris Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    9
    Thanks Kevin, I'll do all that when I get home from work and post the updated logs. I really appreciate the quick response!
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, anytime you`re ready. I`m in the UK so will only be online maybe 2 more hours, been a long day for me.....
     
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,955
    First Name:
    Frank
    It's all yours, Kevin. :)

    It should be after 9:00 P.M. there now. ;)

    ---------------------------------------------------------
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Yep 9:15 PM, promised myself an early night, no later than 11 PM. Had too many late ones recently, starting to catch up...
     
  10. bvharris

    bvharris Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    9
    Thanks again! I really appreciate the help, please don't stay up any later than you normally would on my account.

    I uninstalled MSE for now, just to have only one AV program running, though I may re-evaluate that later.

    I ran the OTM program as you advised, the results are below along with a fresh DDS log.

    Nothing new to report in terms of functionality on the PC, it's just as bad as it's been. In fact, after running that tool the PC itself actually seems a bit more sluggish (poor mouse responsiveness, for example), though that may just be perception after a day on my working-just-fine work PC.

    One other thing I forgot to mention earlier, and may well be nothing. When I open up the taskmanager I see 3 processes running which have no user or description: csrss.exe, atieclxx.exe, and winlogon.exe. I know that these are all normal windows processes, but my haphazard googling also informed me that sometimes viruses masquerade as these files. When I right click them and select "Open File Location" there is no response, which does raise an eyebrow. Not sure if I'm just looking for problems wherever I can find them, but I wanted to mention it.


    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Brett Harris\Desktop\cmd.bat deleted successfully.
    C:\Users\Brett Harris\Desktop\cmd.txt deleted successfully.
    C:\Users\Brett Harris\AppData\Roaming\b66ddWK77fL9gXq folder moved successfully.
    C:\Users\Brett Harris\AppData\Roaming\pvvSS2iibF3nGaQ folder moved successfully.
    C:\Users\Brett Harris\AppData\Roaming\XCCCwkkIVr folder moved successfully.
    C:\Users\Brett Harris\AppData\Roaming\qfEELL8gTZqhCwU folder moved successfully.
    C:\Users\Brett Harris\AppData\Roaming\m22iibF3pnG5a folder moved successfully.
    C:\Users\Brett Harris\AppData\Roaming\c00uucSS2ib3pG4 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brett Harris
    ->Temp folder emptied: 219375535 bytes
    ->Temporary Internet Files folder emptied: 109898789 bytes
    ->Java cache emptied: 185154 bytes
    ->FireFox cache emptied: 67621728 bytes
    ->Flash cache emptied: 270491 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 162504184 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 11784214 bytes

    Total Files Cleaned = 545.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 11232011_163841

    Files moved on Reboot...
    C:\Users\Brett Harris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Run by Brett Harris at 16:45:52 on 2011-11-23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4293 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atieclxx.exe
    E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
    C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    E:\Program Files (x86)\Steam\Steam.exe
    E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
    C:\Program Files (x86)\Ralink\Common\RaUI.exe
    C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    E:\Program Files\OpenOffice.org 3\program\soffice.exe
    E:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://ts.air.org/Default.htm
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    uRun: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S9114.tmp" /EF "HKCU"
    uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [HLBackupScheduler] e:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    StartupFolder: C:\Users\BRETTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - E:\Program Files\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORTEM~1.LNK - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{206C268F-E473-4A87-AEDC-8D43A43B0C7D} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213}\841627279637F545F6C626562747 : DhcpNameServer = 10.0.1.15
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun-x64: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
    mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brett Harris\AppData\Roaming\Mozilla\Firefox\Profiles\8rftvxlg.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: C:\Users\Brett Harris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111122.030\IDSviA64.sys [2011-11-22 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 Amazon Download Agent;Amazon Download Agent;E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-11-19 401920]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    R2 DAUpdaterSvc;Dragon Age: Origins Updater;E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe [2010-11-24 25832]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-13 138760]
    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [2010-11-17 75040]
    R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe [2010-11-17 210720]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-17 138360]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
    S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
    S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2010-11-18 14336]
    S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2010-11-18 18432]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-23 21:38:41 -------- d-----w- C:\_OTM
    2011-11-23 21:37:25 442 ----a-w- C:\FixitRegBackup.reg
    2011-11-23 06:49:53 -------- d-----w- C:\Users\Brett Harris\AppData\Local\AOL
    2011-11-22 01:25:06 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\Malwarebytes
    2011-11-22 01:24:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-22 01:24:40 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-11-22 01:24:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-18 17:44:22 -------- d-----w- C:\Users\Brett Harris\AppData\Roaming\Systweak
    2011-11-18 17:44:20 18816 ----a-w- C:\Windows\System32\roboot64.exe
    2011-11-13 18:24:36 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-11-13 18:20:00 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys
    2011-11-13 18:20:00 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys
    2011-11-13 18:20:00 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys
    2011-11-13 18:20:00 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys
    2011-11-13 18:20:00 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys
    2011-11-13 18:20:00 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys
    2011-11-13 18:20:00 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys
    2011-11-13 18:19:56 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A
    2011-11-13 18:18:22 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-11-13 18:18:22 -------- d-----w- C:\Program Files\Symantec
    2011-11-13 18:18:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-11-13 18:18:03 -------- d-----w- C:\Windows\System32\drivers\NISx64
    2011-11-13 18:18:02 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
    2011-11-13 18:18:01 -------- d-----w- C:\ProgramData\Norton
    2011-11-13 18:17:16 -------- d-----w- C:\ProgramData\NortonInstaller
    2011-11-13 18:17:16 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2011-11-09 14:57:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 14:57:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 14:57:41 3141120 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-09 14:57:41 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-07 22:35:24 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{796209AC-C401-42D3-9417-B63E8281A653}
    2011-11-07 22:35:03 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{9EA32EA1-4E37-4FDA-9A14-A95090B56E5A}
    2011-10-28 05:38:55 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{D2CED57B-8CD8-44BD-B9E2-C3E6E29A63AD}
    2011-10-28 05:38:32 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{6CBC4671-0367-49F1-8F55-83510D063BAF}
    2011-10-28 05:21:21 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{1A323A03-ED8A-4E86-AE22-6482C3EF3C58}
    2011-10-28 05:20:57 -------- d-----w- C:\Users\Brett Harris\AppData\Local\{E53F5482-8849-47AD-8238-095E5693FC8D}
    2011-10-26 07:15:03 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2011-10-26 07:15:02 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    .
    ==================== Find3M ====================
    .
    2011-11-13 02:50:13 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
    2011-10-28 05:23:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 16:46:11.78 ===============
     

    Attached Files:

  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    The following is the setting for the start page shown by Internet Explorer, do you know what it is did you set this up

    uStart Page = https://ts.air.org/Default.htm
     
  12. bvharris

    bvharris Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    9
    It's the login page for the terminal services program to remote into my work PC. I pretty much only use IE for that and to connect to my wireless router's admin gateway. Firefox is my primary browser.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Ok, never seen that start page before. Not seeing a great deal wrong up to now. OK do the following please:

    Step 1

    Download aswMBR from Here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

      [​IMG]

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
    • Once the scan finishes click Save log to save the log to your Desktop.

      [​IMG]
    • Copy and paste the contents of aswMBR.txt back here for review
    • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

    Step 2

    Download [​IMG] OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3
    Link 4
    • Double click on the icon [​IMG] to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Stadard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in:

      Code:
      [B]netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      %systemroot%\*. /mp /s
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs[/B]
      
    • Click the [​IMG] button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    Let me see the following in your reply :-
    • aswMBR log
    • OTL scan log
    • Extras log
    • Attach the MBR.zip file
     
  14. bvharris

    bvharris Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    9
    Here you go:


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-23 18:03:18
    -----------------------------
    18:03:18.104 OS Version: Windows x64 6.1.7600
    18:03:18.104 Number of processors: 8 586 0x1A05
    18:03:18.104 ComputerName: BRETTHARRIS-PC UserName: Brett Harris
    18:03:18.361 Initialize success
    18:03:38.919 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:03:38.921 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
    18:03:38.924 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port5Path0Target0Lun0
    18:03:38.926 Disk 1 Vendor: C300-CTF 0002 Size: 61057MB BusType: 11
    18:03:38.929 Device \Driver\mv91xx -> DriverStartIo SCSIPORT.SYS fffff88000c04bc0
    18:03:40.932 Disk 1 MBR read successfully
    18:03:40.935 Disk 1 MBR scan
    18:03:40.938 Disk 1 Windows 7 default MBR code
    18:03:40.942 Service scanning
    18:03:42.542 Modules scanning
    18:03:42.546 Disk 1 trace - called modules:
    18:03:42.552 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys
    18:03:42.556 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006b50060]
    18:03:42.560 3 CLASSPNP.SYS[fffff88001b9543f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port5Path0Target0Lun0[0xfffffa800632b050]
    18:03:42.890 Scan finished successfully
    18:03:48.213 Disk 1 MBR has been saved successfully to "C:\Users\Brett Harris\Desktop\MBR.dat"
    18:03:48.219 The log file has been saved successfully to "C:\Users\Brett Harris\Desktop\aswMBR.txt"


    OTL logfile created on: 11/23/2011 6:06:18 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brett Harris\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.94 Gb Available Physical Memory | 65.78% Memory free
    11.98 Gb Paging File | 9.74 Gb Available in Paging File | 81.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59.62 Gb Total Space | 15.67 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 322.94 Gb Free Space | 69.34% Space Free | Partition Type: NTFS

    Computer Name: BRETTHARRIS-PC | User Name: Brett Harris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/23 18:00:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTL.exe
    PRC - [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
    PRC - [2011/11/18 12:54:45 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
    PRC - [2011/10/13 09:31:58 | 002,042,088 | ---- | M] (GameStop Corp.) -- E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
    PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
    PRC - [2011/05/05 09:11:36 | 004,950,664 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- E:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- E:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    PRC - [2009/10/26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    PRC - [2009/04/24 17:01:24 | 001,683,456 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
    PRC - [2009/03/30 17:13:52 | 001,828,128 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
    PRC - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
    PRC - [2008/04/17 03:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
    PRC - [2008/04/17 03:31:54 | 000,169,256 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/18 12:54:46 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll
    MOD - [2011/10/28 00:23:15 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2011/05/05 09:11:36 | 004,950,664 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    MOD - [2011/05/05 09:11:12 | 000,100,352 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
    MOD - [2011/05/05 09:11:10 | 000,684,032 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\libexpat.dll
    MOD - [2011/05/05 09:11:10 | 000,466,975 | ---- | M] () -- E:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
    MOD - [2011/03/15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- E:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2009/10/23 12:31:44 | 000,038,912 | ---- | M] () -- E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
    MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
    MOD - [2009/04/24 17:01:24 | 001,683,456 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
    MOD - [2009/04/24 16:03:28 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\MonitorEngRes.dll
    MOD - [2009/04/24 16:03:22 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ApplicationManager.dll
    MOD - [2009/04/24 16:03:14 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ACRHook.dll
    MOD - [2009/04/24 16:03:14 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ProtocolEngine.dll
    MOD - [2009/04/24 16:03:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\DeviceManager.dll
    MOD - [2009/04/24 16:03:10 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\ErrorHandler.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/10/27 02:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/11/12 21:13:32 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 13:07:17 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- E:\Program Files (x86)\Electronic Arts\Dragon Age Ultimate\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/09/05 10:23:56 | 000,210,720 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe -- (RalinkRegistryWriter64)
    SRV - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
    SRV - [2008/04/17 03:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/11/13 13:18:22 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/09/26 19:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2011/08/08 18:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2011/08/02 21:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/08/02 21:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/07/25 21:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/07/25 21:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/10/27 02:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/08/16 05:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/04/07 03:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2010/03/08 13:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
    DRV:64bit: - [2010/03/08 13:03:54 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys -- (HtcUsbMdmV64)
    DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/12/25 02:05:40 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
    DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/11/23 17:03:59 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111123.003\ex64.sys -- (NAVEX15)
    DRV - [2011/11/23 17:03:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111123.003\eng64.sys -- (NAVENG)
    DRV - [2011/11/17 02:55:04 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/11/14 14:28:01 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111114.002\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/11/13 13:20:07 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/11/11 16:47:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111122.030\IDSviA64.sys -- (IDSVia64)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/05/25 15:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)
    DRV - [2009/04/24 16:03:10 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
    DRV - [2009/04/24 16:03:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ts.air.org/Default.htm
    IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 55 D2 5D A3 8E CB 01 [binary data]
    IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-21-47448684-2351438465-426522871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Search the web"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brett Harris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/11/13 13:22:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2011/11/23 16:40:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/22 15:02:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/22 15:02:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/11/18 12:54:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins

    [2010/11/17 18:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett Harris\AppData\Roaming\Mozilla\Extensions
    [2011/10/31 18:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett Harris\AppData\Roaming\Mozilla\Firefox\Profiles\8rftvxlg.default\extensions
    [2010/11/18 22:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/18 19:55:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/18 22:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\BRETT HARRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8RFTVXLG.DEFAULT\EXTENSIONS\[email protected]
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-47448684-2351438465-426522871-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [mxomssmenu] C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-47448684-2351438465-426522871-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-47448684-2351438465-426522871-1000..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S9114.tmp" /EF "HKCU" File not found
    O4 - HKU\S-1-5-21-47448684-2351438465-426522871-1000..\Run: [HLBackupScheduler] e:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
    O4 - HKU\S-1-5-21-47448684-2351438465-426522871-1000..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Brett Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Brett Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Brett Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = E:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
    O4 - Startup: C:\Users\Brett Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-47448684-2351438465-426522871-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{206C268F-E473-4A87-AEDC-8D43A43B0C7D}: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB3C2FC-1F52-44A8-B8DF-E5C137765213}: DhcpNameServer = 10.0.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKU\S-1-5-21-47448684-2351438465-426522871-1000 Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{330360ed-16b7-11e0-b79c-20cf30543827}\Shell - "" = AutoRun
    O33 - MountPoints2\{330360ed-16b7-11e0-b79c-20cf30543827}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
    O33 - MountPoints2\{4770ac5e-f2aa-11df-9c03-20cf30543827}\Shell - "" = AutoRun
    O33 - MountPoints2\{4770ac5e-f2aa-11df-9c03-20cf30543827}\Shell\AutoRun\command - "" = F:\launcher.exe
    O33 - MountPoints2\{cd043b33-a2e9-11e0-89e8-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{cd043b33-a2e9-11e0-89e8-00038a000015}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
    O33 - MountPoints2\{ea1f224d-814d-11e0-bd5e-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea1f224d-814d-11e0-bd5e-00038a000015}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
    O33 - MountPoints2\{ea1f2490-814d-11e0-bd5e-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea1f2490-814d-11e0-bd5e-00038a000015}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/23 18:01:57 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Brett Harris\Desktop\aswMBR.exe
    [2011/11/23 18:00:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTL.exe
    [2011/11/23 16:38:41 | 000,000,000 | ---D | C] -- C:\_OTM
    [2011/11/23 16:38:01 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTM.exe
    [2011/11/23 01:49:53 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\AOL
    [2011/11/23 01:39:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brett Harris\Desktop\dds.com
    [2011/11/23 01:37:56 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brett Harris\Desktop\HijackThis.exe
    [2011/11/21 20:25:06 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Roaming\Malwarebytes
    [2011/11/21 20:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/21 20:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/21 20:24:40 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/11/21 20:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/11/18 12:44:22 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Roaming\Systweak
    [2011/11/18 12:44:20 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
    [2011/11/13 13:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2011/11/13 13:20:00 | 001,084,024 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys
    [2011/11/13 13:20:00 | 000,729,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys
    [2011/11/13 13:20:00 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys
    [2011/11/13 13:20:00 | 000,401,016 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys
    [2011/11/13 13:20:00 | 000,189,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys
    [2011/11/13 13:20:00 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys
    [2011/11/13 13:20:00 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys
    [2011/11/13 13:19:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A
    [2011/11/13 13:18:45 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\Documents\Symantec
    [2011/11/13 13:18:22 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/11/13 13:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2011/11/13 13:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011/11/13 13:18:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
    [2011/11/13 13:18:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
    [2011/11/13 13:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
    [2011/11/13 13:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/11/13 13:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/11/13 13:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2011/11/07 17:35:24 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{796209AC-C401-42D3-9417-B63E8281A653}
    [2011/11/07 17:35:03 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{9EA32EA1-4E37-4FDA-9A14-A95090B56E5A}
    [2011/10/28 00:38:55 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{D2CED57B-8CD8-44BD-B9E2-C3E6E29A63AD}
    [2011/10/28 00:38:32 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{6CBC4671-0367-49F1-8F55-83510D063BAF}
    [2011/10/28 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{1A323A03-ED8A-4E86-AE22-6482C3EF3C58}
    [2011/10/28 00:20:57 | 000,000,000 | ---D | C] -- C:\Users\Brett Harris\AppData\Local\{E53F5482-8849-47AD-8238-095E5693FC8D}
    [2011/10/25 20:05:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

    ========== Files - Modified Within 30 Days ==========

    [2011/11/23 18:05:05 | 000,000,143 | ---- | M] () -- C:\Users\Brett Harris\AppData\Roaming\default.rss
    [2011/11/23 18:04:44 | 000,000,543 | ---- | M] () -- C:\Users\Brett Harris\Desktop\MBR.zip
    [2011/11/23 18:03:48 | 000,000,512 | ---- | M] () -- C:\Users\Brett Harris\Desktop\MBR.dat
    [2011/11/23 18:02:59 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Brett Harris\Desktop\aswMBR.exe
    [2011/11/23 18:00:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTL.exe
    [2011/11/23 16:47:12 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/23 16:47:12 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/23 16:44:40 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/23 16:44:40 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/23 16:44:40 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/23 16:40:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/23 16:40:06 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/23 16:37:53 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Brett Harris\Desktop\OTM.exe
    [2011/11/23 16:37:25 | 000,000,442 | ---- | M] () -- C:\FixitRegBackup.reg
    [2011/11/23 16:36:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/11/23 01:46:46 | 000,000,006 | ---- | M] () -- C:\Windows\msoffice.ini
    [2011/11/23 01:39:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brett Harris\Desktop\dds.com
    [2011/11/23 01:37:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brett Harris\Desktop\HijackThis.exe
    [2011/11/21 20:24:42 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/14 11:03:30 | 000,205,093 | ---- | M] () -- C:\Users\Brett Harris\Documents\Romance_Of_The_Three_Kingdoms_Xi_NTSC_Custom-cdcovers_cc-front.jpg
    [2011/11/13 13:22:11 | 000,002,510 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2011/11/13 13:22:05 | 001,840,943 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB
    [2011/11/13 13:20:08 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023
    [2011/11/13 13:18:22 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/11/13 13:18:22 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/11/13 13:18:22 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/11/12 22:36:14 | 000,003,616 | -H-- | M] () -- C:\IPH.PH
    [2011/11/12 21:50:13 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Windows\SysWow64\AOLParconLink.exe
    [2011/11/10 03:18:00 | 000,433,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/11/03 19:43:43 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini
    [2011/11/02 19:08:48 | 000,007,502 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat
    [2011/10/28 00:23:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2011/11/23 18:04:44 | 000,000,543 | ---- | C] () -- C:\Users\Brett Harris\Desktop\MBR.zip
    [2011/11/23 18:03:48 | 000,000,512 | ---- | C] () -- C:\Users\Brett Harris\Desktop\MBR.dat
    [2011/11/23 16:37:25 | 000,000,442 | ---- | C] () -- C:\FixitRegBackup.reg
    [2011/11/21 20:24:42 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/14 11:03:29 | 000,205,093 | ---- | C] () -- C:\Users\Brett Harris\Documents\Romance_Of_The_Three_Kingdoms_Xi_NTSC_Custom-cdcovers_cc-front.jpg
    [2011/11/13 13:21:59 | 001,840,943 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB
    [2011/11/13 13:20:24 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023
    [2011/11/13 13:20:00 | 000,007,510 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat
    [2011/11/13 13:20:00 | 000,007,504 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat
    [2011/11/13 13:20:00 | 000,007,502 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat
    [2011/11/13 13:20:00 | 000,007,500 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat
    [2011/11/13 13:20:00 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat
    [2011/11/13 13:20:00 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.cat
    [2011/11/13 13:20:00 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat
    [2011/11/13 13:20:00 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf
    [2011/11/13 13:20:00 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds.inf
    [2011/11/13 13:20:00 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf
    [2011/11/13 13:20:00 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf
    [2011/11/13 13:20:00 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf
    [2011/11/13 13:20:00 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf
    [2011/11/13 13:20:00 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.inf
    [2011/11/13 13:19:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini
    [2011/11/13 13:18:22 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/11/13 13:18:22 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/11/13 13:18:21 | 000,002,510 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2011/11/12 21:41:18 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
    [2011/06/29 22:49:21 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2011/06/29 22:49:21 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2011/06/29 22:49:21 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2011/06/29 22:49:21 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2011/06/29 22:49:21 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2011/06/29 22:49:21 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2011/06/29 22:49:21 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2011/06/29 22:49:21 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2011/06/29 22:49:21 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2011/06/29 22:49:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2011/06/29 22:49:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2011/06/29 22:49:21 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2011/06/29 22:49:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2011/06/29 22:49:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2011/06/29 22:49:21 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2011/06/29 22:49:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2011/05/22 15:07:51 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/02/12 15:37:59 | 000,000,143 | ---- | C] () -- C:\Users\Brett Harris\AppData\Roaming\default.rss
    [2011/01/27 16:33:01 | 000,776,490 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/14 18:44:00 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/11/17 18:28:17 | 000,013,650 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2010/11/17 18:01:04 | 000,037,035 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2010/11/17 18:00:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/11/17 18:00:22 | 000,026,791 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2010/11/17 17:58:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

    ========== LOP Check ==========

    [2011/02/04 22:57:42 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\acccore
    [2011/08/16 15:53:54 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Amazon
    [2011/10/28 00:21:36 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\c1ibD3onGaHsJfL
    [2011/10/23 09:11:41 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\CONtxA0uc2b3n4Q
    [2011/11/23 16:40:55 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Dropbox
    [2011/08/18 07:31:35 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\EPSON
    [2011/06/16 19:59:55 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\gtk-2.0
    [2011/10/23 09:12:04 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\H9hYXwjUVlBzNc1
    [2011/10/23 09:08:40 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\k11uvSSobFpGaJd
    [2011/10/23 09:08:40 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\lUCeeIIrzPNx
    [2010/11/18 20:01:39 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Notepad++
    [2010/11/18 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\OpenOffice.org
    [2011/10/23 09:11:59 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\OVelIBtzPyAuDoF
    [2011/10/23 09:11:37 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\RIVrlONtx0c
    [2010/11/27 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\runic games
    [2010/11/24 18:02:56 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Stardock
    [2011/11/18 12:51:05 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\Systweak
    [2011/10/23 09:11:51 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\tL9gTZqjYwIrO
    [2011/10/23 09:11:49 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\UdEK8gRZ9Yw
    [2011/10/23 09:08:32 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\UH6sWK7fE9TqYw
    [2011/10/23 09:11:56 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\UQH6dWK7fLg
    [2011/10/23 09:12:07 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\wNtxP0ucSiDoG
    [2011/10/23 09:08:36 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\xGG5aQQ6dW8fLhX
    [2011/10/23 09:11:44 | 000,000,000 | ---D | M] -- C:\Users\Brett Harris\AppData\Roaming\XvD2obF4pG
    [2009/07/14 00:08:49 | 000,032,750 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
    [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
    [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
    [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /mp /s >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /HideShortcuts [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /ShowShortcuts [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe" -preferences [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe" -safe-mode [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/18 12:54:45 | 000,713,560 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\FIREFOX.EXE [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\FIREFOX.EXE" -PREFERENCES [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\FIREFOX.EXE" -SAFE-MODE [2011/11/18 12:54:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >



    OTL Extras logfile created on: 11/23/2011 6:06:18 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brett Harris\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.94 Gb Available Physical Memory | 65.78% Memory free
    11.98 Gb Paging File | 9.74 Gb Available in Paging File | 81.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59.62 Gb Total Space | 15.67 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 322.94 Gb Free Space | 69.34% Space Free | Partition Type: NTFS

    Computer Name: BRETTHARRIS-PC | User Name: Brett Harris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{056E5A6F-BEF6-4094-8724-D45F0F564312}" = Microsoft SQL Server 2008 Setup Support Files
    "{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
    "{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
    "{AE0D971F-5430-8874-B09E-3F1C76E2F8FF}" = WMV9/VC-1 Video Playback
    "{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
    "{CC7D4CC8-FE90-17E2-FAC6-3D14C93DCE09}" = AMD Drag and Drop Transcoding
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D29E5E5F-47CA-087E-DCBF-FB75171D5B2E}" = ccc-utility64
    "{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "PROSetDX" = Intel(R) Network Connections 15.3.68.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
    "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{135F49F2-9071-F45A-4263-DF7D42FBF7DD}" = CCC Help English
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{304377FD-A237-476D-8F21-14B1C5C3B520}" = Dragon Age DLC Service
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
    "{3F66C4BF-4BD9-FF9C-FA9F-4579F60A33B3}" = Catalyst Control Center Graphics Previews Vista
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{4220E523-EDE1-449F-83F5-8267D20E1ED0}" = Maxtor Manager
    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{4D44D635-6EDA-4FA5-AB9B-23CF73DA58EA}" = Nero Express OEM
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A914AE85-1A36-0575-714C-BF996BDA20C7}" = ccc-core-static
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
    "{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
    "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
    "{DB8B49A9-7CF1-34DB-6DF2-1EC41C0FE5E1}" = Catalyst Control Center Graphics Previews Common
    "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{fa66ce34-782c-4177-91bb-f4ef0009f95c}" = Nero 9 Essentials
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AIM_7" = AIM 7
    "Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
    "Dragon Age DLC Service" = Dragon Age DLC Service
    "Dragon Age Origins - Ultimate Edition" = Dragon Age Origins - Ultimate Edition
    "EA Installer.-286143439" = EA Installer
    "EA Installer.922951512" = EA Installer
    "EADM" = EA Download Manager
    "EPSON Scanner" = EPSON Scan
    "FastStone Capture" = FastStone Capture 6.7
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "HTC_WModemDriver" = WModem Driver Installer
    "Impulse" = Impulse
    "InstallShield_{4220E523-EDE1-449F-83F5-8267D20E1ED0}" = Maxtor Manager
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "MagniDriver" = marvell 91xx driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Master of Orion" = Master of Orion
    "Master of Orion II" = Master of Orion II
    "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
    "Mozilla Firefox 9.0 (x86 en-US)" = Mozilla Firefox 9.0 (x86 en-US)
    "NIS" = Norton Internet Security
    "Notepad++" = Notepad++
    "Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Steam App 107300" = Breath of Death VII
    "Steam App 107310" = Cthulhu Saves the World
    "Steam App 19900" = Far Cry 2
    "Steam App 22330" = The Elder Scrolls IV: Oblivion
    "Steam App 23490" = Tropico 3 - Steam Special Edition
    "Steam App 24780" = SimCity 4 Deluxe
    "Steam App 31290" = Back to the Future: Episode 1
    "Steam App 3910" = Sid Meier's Civilization III: Complete
    "Steam App 620" = Portal 2
    "Steam App 6910" = Deus Ex: Game of the Year Edition
    "Steam App 8930" = Sid Meier's Civilization V
    "Steam App 94500" = Back to the Future: Ep 2 - Get Tannen!
    "Steam App 94510" = Back to the Future: Ep 3 - Citizen Brown
    "Steam App 9900" = Star Trek Online
    "Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
    "Verizon V CAST Media Manager" = Verizon V CAST Media Manager
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.1.7
    "WinGimp-2.0_is1" = Gimp 2.6.2 Debug
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-47448684-2351438465-426522871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/17/2011 1:30:20 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 11/18/2011 2:25:35 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 11/19/2011 1:30:23 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 11/20/2011 1:34:29 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 11/20/2011 8:00:00 PM | Computer Name = BrettHarris-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 11/21/2011 1:04:36 AM | Computer Name = BrettHarris-PC | Source = Application Hang | ID = 1002
    Description = The program waol.exe version 9.6.0.1 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: fa0 Start Time:
    01cca7ed258be220 Termination Time: 11 Application Path: E:\Program Files (x86)\AOL
    Desktop 9.6\waol.exe Report Id:

    Error - 11/21/2011 1:48:31 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 11/22/2011 1:41:41 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 11/23/2011 1:30:40 AM | Computer Name = BrettHarris-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 11/23/2011 5:29:13 PM | Computer Name = BrettHarris-PC | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
    on a computer running in safe mode. Your computer is currently running in safe
    mode. To install Security Essentials, your computer must be running in normal mode.
    Please restart your computer in normal mode, and then try to run the Security Essentials
    Setup Wizard again. Error code:0x8004FF11.

    [ System Events ]
    Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 11/23/2011 5:29:14 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 11/23/2011 5:32:03 PM | Computer Name = BrettHarris-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/23/2011 5:32:07 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 11/23/2011 5:32:07 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 11/23/2011 5:32:07 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 11/23/2011 5:38:41 PM | Computer Name = BrettHarris-PC | Source = Service Control Manager | ID = 7034
    Description = The Amazon Download Agent service terminated unexpectedly. It has
    done this 1 time(s).


    < End of report >
     

    Attached Files:

    • MBR.zip
      File size:
      543 bytes
      Views:
      1
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Re-Run [​IMG] by double left click, Vista and Widows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      :Files
      C:\Users\Brett Harris\AppData\Roaming\c1ibD3onGaHsJfL
      C:\Users\Brett Harris\AppData\Roaming\CONtxA0uc2b3n4Q
      C:\Users\Brett Harris\AppData\Roaming\H9hYXwjUVlBzNc1
      C:\Users\Brett Harris\AppData\Roaming\k11uvSSobFpGaJd
      C:\Users\Brett Harris\AppData\Roaming\lUCeeIIrzPNx
      C:\Users\Brett Harris\AppData\Roaming\OVelIBtzPyAuDoF
      C:\Users\Brett Harris\AppData\Roaming\RIVrlONtx0c
      C:\Users\Brett Harris\AppData\Roaming\tL9gTZqjYwIrO
      C:\Users\Brett Harris\AppData\Roaming\UdEK8gRZ9Yw
      C:\Users\Brett Harris\AppData\Roaming\UH6sWK7fE9TqYw
      C:\Users\Brett Harris\AppData\Roaming\UQH6dWK7fLg
      C:\Users\Brett Harris\AppData\Roaming\wNtxP0ucSiDoG
      C:\Users\Brett Harris\AppData\Roaming\xGG5aQQ6dW8fLhX
      C:\Users\Brett Harris\AppData\Roaming\XvD2obF4pG
      :Commands
      [purity]
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      [Reboot]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log it produces in your next reply.

    Next,

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Post those two logs....

    Kevin
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1028188

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice