Problems with IE after virus and koobface worm


axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
Hello! Laptop is HP dv6000 running Vista Ultimate. My husband clicked on something on Facebook Saturday and got some Trojan Horse and Koobface worm problems. I was able to go into safe mode and run AVG, Malwarebytes, and Spybot S&D, which found and removed most of them. There were a couple that Resident Shield on AVG said "file is inaccessible" for.

Since Saturday, Internet Explorer keeps shutting down, with a pop up saying that DEP is preventing it from working. I was on it today to check things out, and all at once the Vongo logo popped up in the middle of the screen. Nothing I tried to do got it to go away until I shut down the laptop. In safe mode, I ran the AVG and Malwarebytes scans, as well as Spybot. Nothing showed up.

Tonight, IE kept repeatedly shutting down with the same DEP popup message. Resident Shield on AVG reported a tracking cookie "[email protected][2].txt". Scanned specific files with AVG, but found nothing. I removed some stuff from the temporary files that had contained one of the problems from Saturday. Am currently running a Malwarebytes full scan on his laptop.

Anyone have any suggestions?
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
Am copying the log from Resident Shield on AVG. Does this mean the tracking cookie is in the Malwarebytes files? Also, in opening Mozilla Firefox instead of IE on this (my husband's laptop), it just found another tracking cookie "on opening" Firefox. Can anyone help?

"Found Tracking cookie.Trafficmp";"C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\cookies.txt";"";"4/21/2010, 10:36:56 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt";"";"4/21/2010, 10:36:51 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Found Tracking cookie.Questionmarket";"C:\Users\Barry and Diana\AppData\Local\Temp\Low\Cookies\[email protected][2].txt";"";"4/21/2010, 10:36:14 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Found Tracking cookie.Atdmt";"C:\Users\Barry and Diana\AppData\Local\Temp\Low\Cookies\[email protected][1].txt";"";"4/21/2010, 10:36:14 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt";"";"4/21/2010, 9:28:51 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt";"";"4/21/2010, 9:15:44 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt";"";"4/21/2010, 8:59:01 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt";"";"4/21/2010, 8:58:50 PM";"file";"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe"
"Trojan horse Dropper.Generic2.BBN";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4V7WE49\p[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:54 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Proxy.AJZW";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8493GKJ6\ws[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:38 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic17.AOPG";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NBEUGZ9\hostsgb3[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:24 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Virus identified Worm/Koobface.Y";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0970BX69\v2captcha21[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:20 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse FakeAlert.LF";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8493GKJ6\hitin[1].htm";"Object is inaccessible.";"4/17/2010, 9:42:56 AM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic2.BBN";"C:\Users\Barry and Diana\AppData\Local\rdr_1271507557.exe";"Moved to Virus Vault";"4/17/2010, 9:42:56 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Proxy.AJZW";"C:\Users\Barry and Diana\AppData\Local\Temp\zpskon_1271514297.exe";"Moved to Virus Vault";"4/17/2010, 8:37:42 AM";"file";"C:\Windows\bill107.exe"
"Trojan horse Generic17.AOPG";"C:\Users\Barry and Diana\AppData\Local\Temp\zpskon_1271519055.exe";"Moved to Virus Vault";"4/17/2010, 8:37:41 AM";"file";"C:\Windows\bill107.exe"
"Virus identified Worm/Koobface.Y";"C:\Users\Barry and Diana\AppData\Local\rdr_1271507860.exe";"Moved to Virus Vault";"4/17/2010, 8:37:41 AM";"file";"C:\Windows\bill107.exe"
"Trojan horse Dropper.Generic2.BBN";"C:\Users\Barry and Diana\AppData\Local\rdr_1271507557.exe";"Object is inaccessible.";"4/17/2010, 8:32:40 AM";"file";"C:\Windows\bill107.exe"
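The AVG Resident Shield export above is a list of semicolon-separated, double-quoted fields. The Python script below is an added example (it is not part of the thread and not AVG's or Malwarebytes' own code) that parses records in that shape and answers the triage questions a responder asks of such a log: which detections were only reported (tracking cookies), which were quarantined, which were still left in place afterwards, and which process touched each file. It assumes the field order detection, path, action, timestamp, object type, process, as inferred from the records quoted above, and treats the last field as the process that accessed the file. The sample records are constructed for the example; the user profile and cookie names in them are placeholders.

```python
"""Triage an AVG Resident Shield history export (added example, not from the thread)."""
import csv
from collections import Counter
from pathlib import PureWindowsPath

# Field order assumed from the records quoted in the thread.
FIELDS = ("detection", "path", "action", "timestamp", "object_type", "process")
VAULTED = "Moved to Virus Vault"

# Constructed sample records shaped like the export posted above.
SAMPLE_LOG = r"""
"Found Tracking cookie.Yieldmanager";"C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\user@ad.example[2].txt";"";"4/21/2010, 10:36:51 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Found Tracking cookie.Atdmt";"C:\Users\Example\AppData\Local\Temp\Low\Cookies\user@atdmt.example[1].txt";"";"4/21/2010, 9:28:51 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic2.BBN";"C:\Users\Example\AppData\Local\rdr_1271507557.exe";"Moved to Virus Vault";"4/17/2010, 9:42:56 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse FakeAlert.LF";"C:\Users\Example\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8493GKJ6\hitin[1].htm";"Object is inaccessible.";"4/17/2010, 9:42:56 AM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"Trojan horse Proxy.AJZW";"C:\Users\Example\AppData\Local\Temp\zpskon_1271514297.exe";"Moved to Virus Vault";"4/17/2010, 8:37:42 AM";"file";"C:\Windows\bill107.exe"
"Virus identified Worm/Koobface.Y";"C:\Users\Example\AppData\Local\rdr_1271507860.exe";"Moved to Virus Vault";"4/17/2010, 8:37:41 AM";"file";"C:\Windows\bill107.exe"
"Trojan horse Dropper.Generic2.BBN";"C:\Users\Example\AppData\Local\rdr_1271507557.exe";"Object is inaccessible.";"4/17/2010, 8:32:40 AM";"file";"C:\Windows\bill107.exe"
"""


def parse_avg_log(text):
    """Parse the export into dicts; lines without exactly six fields are skipped."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    reader = csv.reader(lines, delimiter=";", quotechar='"')
    return [dict(zip(FIELDS, row)) for row in reader if len(row) == len(FIELDS)]


def category(detection):
    """Coarse class derived from AVG's detection-name prefix."""
    if detection.startswith("Found Tracking cookie."):
        return "tracking_cookie"
    if detection.startswith("Trojan horse"):
        return "trojan"
    if detection.startswith("Virus identified"):
        return "virus"
    return "other"


def still_unremediated(records):
    """Malware paths (cookies excluded) that were never moved to the vault.

    The export lists newest records first and the same file can appear once as
    'Object is inaccessible.' and later as 'Moved to Virus Vault', so the decision
    is made per path, not per record and not by timestamp order.
    """
    vaulted = {r["path"].lower() for r in records if r["action"] == VAULTED}
    pending = {}
    for r in records:
        if category(r["detection"]) == "tracking_cookie":
            continue
        if r["action"] != VAULTED and r["path"].lower() not in vaulted:
            pending[r["path"]] = r["action"] or "(reported only)"
    return pending


def triggering_processes(records):
    """Count malware detections by the process in the last field
    (assumed here to be the process that accessed the flagged file)."""
    counts = Counter()
    for r in records:
        if category(r["detection"]) != "tracking_cookie":
            counts[PureWindowsPath(r["process"]).name.lower()] += 1
    return counts


def processes_in_windows_root(records):
    """Heuristic: processes running from an executable directly in the Windows
    directory (not System32/SysWOW64). Scanners and browsers live elsewhere, so
    such a process is worth identifying before trusting the quarantine result."""
    hits = set()
    for r in records:
        p = PureWindowsPath(r["process"])
        if len(p.parts) == 3 and p.parts[1].lower() == "windows":
            hits.add(str(p))
    return sorted(hits)


def summarize(records):
    return {
        "by_category": Counter(category(r["detection"]) for r in records),
        "by_action": Counter(r["action"] or "(reported only)" for r in records),
        "pending": still_unremediated(records),
        "by_process": triggering_processes(records),
        "windows_root_processes": processes_in_windows_root(records),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_avg_log(SAMPLE_LOG)).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

The empty action field on the cookie records is what the export looks like when Resident Shield reports a file without quarantining it, which is why the summary labels those "(reported only)"; the genuinely open items are the non-cookie paths that never reached the vault.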
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:26 PM, on 4/22/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=au...src_id=11161&camp_id=508&tb_version=2.4.3.405
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\alot.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [MySpaceIMDelete] "C:\Windows\system32\CMD.exe" /q /c rmdir /q /s "C:\Program Files (x86)\MySpace\IM"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca93ebf6b8b9af) (gupdate1ca93ebf6b8b9af) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files (x86)\Vongo\VongoService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 16780 bytes
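The HijackThis log above is line-oriented: each entry is a section code (R0 to R3, O1 to O23), the entry kind, and the registration details. As an added example (not part of the thread and not HijackThis's own code), the Python script below parses entries in that shape and pulls out the two things a reviewer looks for first: registrations whose target file no longer exists ("(file missing)" / "(no file)", such as the ALOT toolbar and AVG8 entries in the log above) and autorun entries that point into user-writable locations. It also sets aside "(file missing)" O23 services under System32 on a 64-bit host, because this 32-bit version of HijackThis sees that directory through WOW64 file-system redirection and reports 64-bit-only system binaries as missing. The sample lines are constructed after the log above; the `[Example]` autorun is invented for the demonstration.

```python
"""Triage a HijackThis log (added example, not from the thread or from HijackThis)."""
import re
from collections import Counter

HJT_LINE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Locations a standard user can write to; an autorun pointing here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# Constructed sample modelled on the log above; the [Example] autorun is invented.
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\alot.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Example] C:\Users\Example\AppData\Local\Temp\example.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
"""


def parse_hjt(text):
    """Turn HJT entry lines into dicts; header and process-list lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        kind, sep, detail = body.partition(": ")
        if not sep:  # R0/R1 lines are "HKxx\...,Value = data" with no kind prefix
            kind, detail = "", body
        clsid = CLSID.search(body)
        entries.append({
            "section": section,
            "kind": kind,
            "detail": detail,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def classify_orphans(entries, host_is_64bit=True):
    """Split orphan entries into ones worth cleaning and probable WOW64 artifacts.

    HijackThis 2.0.2 is a 32-bit program; on 64-bit Windows its view of the
    System32 directory is redirected to SysWOW64, so 64-bit-only system services
    show up as '(file missing)' even though the file is present.
    """
    actionable, artifacts = [], []
    for e in entries:
        if not e["orphan"]:
            continue
        under_system32 = "\\windows\\system32\\" in e["detail"].lower()
        if host_is_64bit and e["section"] == "O23" and under_system32:
            artifacts.append(e)
        else:
            actionable.append(e)
    return actionable, artifacts


def autoruns_from_user_writable(entries):
    """O4 autorun entries whose command line points into a user-writable location."""
    return [
        e for e in entries
        if e["section"] == "O4"
        and any(p in e["detail"].lower() for p in USER_WRITABLE)
    ]


def section_counts(entries):
    return Counter(e["section"] for e in entries)


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT)
    actionable, artifacts = classify_orphans(found)
    print("entries per section:", dict(section_counts(found)))
    print("orphans to clean:", [(e["section"], e["detail"]) for e in actionable])
    print("likely WOW64 artifacts:", [(e["section"], e["detail"]) for e in artifacts])
    print("autoruns in user-writable dirs:", [e["detail"] for e in autoruns_from_user_writable(found)])
```

Run against the real log, the orphan list is what a helper would normally have the user fix first; the System32 service entries marked missing are the expected side effect of a 32-bit tool on 64-bit Vista and are not evidence of infection on their own.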
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
Anyone out there? Just wondering if anyone has any ideas about these issues. Thanks.
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
Additional info: Windows Defender has 4 messages in its history since all this happened. It says the threat is "unknown" and that the action done was "permit." No one has permitted anything to my knowledge. One of the "resources" states:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL

Otherwise, the computer has been working fine since the actions I took above.

Anyone know if this is something that's a problem? Thanks.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
* Run Kaspersky online virus scan Kaspersky Online Scanner.

After the updates have downloaded, click on the "Scan Settings" button.
Select "Spyware, Adware, Dialers and other potentially dangerous programs" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, save the results from the scan!

Note: Kavscan is a scanner only & won't fix anything, but it will normally find the most infected files, so its report gives us a good place to work from.

If that won't run then
Run an online antivirus check from one of the following sites

http://www.eset.com/online-scanner
http://www.pandasoftware.com/activescan/
http://www.bitdefender.com/scan8/ie.html
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
Thanks! Sorry this is taking so long. First the Kavscan didn't work b/c I was using Google Chrome. Then it wouldn't work b/c I didn't run Mozilla as an administrator. Then (I assume) it didn't work b/c Norton AV was also running on this laptop, so I just followed the instructions on my other thread for running Norton removal. Now I'm going to disconnect AVG and try this again!
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
Now, once again the "viruses, worms, Trojans, and rootkits" box is checked, but grayed out, and it still won't let me select that box. I'm going to try to run it while I wait for further advice.
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
The scan has run for an hour and a half, but is only 16% complete. Also, whenever I began to run the Kavscan, a message came up saying the site had an incomplete signature (at least I think that was the wording) and asked if I wanted to run it anyway.
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
OK...the scan finally finished, and it said no threats were found. Any further advice? Thanks!
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Download OTScanIt.exe to your Desktop
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Double-click on OTS.exe to start the program.
  • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
OK...here's the Notepad report. I'll see if it'll copy here.

Code:
OTS logfile created on: 5/5/2010 11:58:42 AM - Run 1
OTS by OldTimer - Version 3.1.31.0     Folder = C:\Users\Barry and Diana\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.27 Gb Total Space | 78.96 Gb Free Space | 56.69% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 2.23 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BARRYANDDIANA
Current User Name: Barry and Diana
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Barry and Diana\Desktop\OTS.exe -> [2010/05/05 11:57:56 | 000,640,000 | ---- | M] (OldTimer Tools)
avgtray.exe -> C:\Program Files (x86)\AVG\AVG9\avgtray.exe -> [2010/04/22 09:58:02 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
realsched.exe -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe -> [2010/03/14 19:44:23 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -> [2010/03/13 10:03:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
teatimer.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
onenotem.exe -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE -> [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation)
sdwinsec.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
vsnp2uvc.exe -> C:\Windows\vsnp2uvc.exe -> [2008/08/01 20:10:54 | 000,675,840 | ---- | M] (Sonix)
searchprotection.exe -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe -> [2007/06/08 10:59:38 | 000,224,248 | ---- | M] (Yahoo! Inc.)
clsched.exe -> C:\Program Files (x86)\Hp\QuickPlay\Kernel\TV\CLSched.exe -> [2007/03/28 20:45:38 | 000,118,877 | ---- | M] ()
clcapsvc.exe -> C:\Program Files (x86)\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/03/28 20:45:34 | 000,270,431 | ---- | M] ()
bluetoothheadsetproxy.exe -> C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe -> [2006/12/20 13:32:56 | 000,014,640 | ---- | M] (Broadcom Corporation.)
 
[Modules - Safe List]
ots.exe -> C:\Users\Barry and Diana\Desktop\OTS.exe -> [2010/05/05 11:57:56 | 000,640,000 | ---- | M] (OldTimer Tools)
rpchromebrowserrecordhelper.dll -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll -> [2010/03/14 19:46:07 | 000,040,960 | ---- | M] ()
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2008/01/19 03:33:58 | 000,450,048 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation)
msvcp71.dll -> C:\Windows\SysWOW64\msvcp71.dll -> [2003/03/18 20:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation)
msvcr71.dll -> C:\Windows\SysWOW64\msvcr71.dll -> [2003/02/21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation)
64bit-(UmRdpService)  [On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2008/01/19 04:04:21 | 000,252,928 | ---- | M] ()
64bit-(CscService)  [Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2008/01/19 04:01:11 | 000,598,016 | ---- | M] ()
64bit-(AppMgmt)  [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2008/01/19 04:00:52 | 000,195,584 | ---- | M] ()
64bit-(wbengine)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2008/01/19 04:00:43 | 001,147,904 | ---- | M] ()
64bit-(Fax)  [On_Demand | Stopped] -> C:\Windows\SysNative\fxssvc.exe -> [2008/01/19 04:00:17 | 000,689,152 | ---- | M] ()
64bit-(BthServ)  [Auto | Running] -> C:\Windows\SysNative\bthserv.dll -> [2006/11/02 07:16:35 | 000,051,200 | ---- | M] ()
64bit-(XAudioService)  [Auto | Running] -> C:\Windows\SysNative\DRIVERS\xaudio64.exe -> [2006/08/05 05:48:30 | 000,410,624 | ---- | M] ()
(avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -> [2010/03/13 10:03:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
(SBSDWSCService) SBSD Security Center Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation)
(Vongo Service) Vongo Service [On_Demand | Stopped] -> C:\Program Files (x86)\Vongo\VongoService.exe -> [2007/03/29 13:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC)
(CLSched) CyberLink Task Scheduler (CTS) [Auto | Running] -> C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe -> [2007/03/28 20:45:38 | 000,118,877 | ---- | M] ()
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Auto | Running] -> C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/03/28 20:45:34 | 000,270,431 | ---- | M] ()
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 02:35:15 | 000,055,846 | ---- | M] ()
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation)
 
[Driver Services - Safe List]
64bit-(AvgTdiA) AVG Free Network Redirector x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\avgtdia.sys -> [2010/04/22 09:57:56 | 000,317,520 | ---- | M] ()
64bit-(AvgMfx64) AVG On-access Scanner Minifilter Driver x64 [File_System | System | Running] -> C:\Windows\SysNative\Drivers\avgmfx64.sys -> [2010/03/13 10:04:04 | 000,035,464 | ---- | M] ()
64bit-(AvgLdx64) AVG AVI Loader Driver x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\avgldx64.sys -> [2010/03/13 10:02:48 | 000,269,320 | ---- | M] ()
64bit-(SNP2UVC) USB2.0 PC Camera (SNP2UVC) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\snp2uvc.sys -> [2009/06/09 17:16:06 | 003,557,376 | ---- | M] ()
64bit-(BTHPORT) Bluetooth Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BTHport.sys -> [2008/04/28 22:10:55 | 000,276,480 | ---- | M] ()
64bit-(BTHUSB) Bluetooth Radio USB Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\BTHUSB.sys -> [2008/04/28 22:10:51 | 000,034,304 | ---- | M] ()
64bit-(fvevol) BitLocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\fvevol.sys -> [2008/01/19 04:10:43 | 000,161,848 | ---- | M] ()
64bit-(BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\bthpan.sys -> [2008/01/19 02:34:19 | 000,115,712 | ---- | M] ()
64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/19 02:34:14 | 000,168,704 | ---- | M] ()
64bit-(RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rfcomm.sys -> [2008/01/19 02:34:13 | 000,062,976 | ---- | M] ()
64bit-(BthEnum) Bluetooth Enumerator Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\BthEnum.sys -> [2008/01/19 02:34:13 | 000,023,040 | ---- | M] ()
64bit-(sdbus) sdbus [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\sdbus.sys -> [2008/01/19 02:02:55 | 000,111,104 | ---- | M] ()
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2008/01/19 02:02:42 | 000,017,792 | ---- | M] ()
64bit-(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\csc.sys -> [2008/01/19 01:55:40 | 000,460,800 | ---- | M] ()
64bit-(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDART64.sys -> [2007/02/22 12:25:40 | 000,189,440 | ---- | M] ()
64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\PxHlpa64.sys -> [2007/02/02 06:00:00 | 000,052,856 | ---- | M] ()
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\SynTP.sys -> [2007/01/12 23:59:08 | 000,297,272 | ---- | M] ()
64bit-(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\bcmwl664.sys -> [2007/01/03 11:43:12 | 000,640,512 | ---- | M] ()
64bit-(BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\bcmwl664.sys -> [2007/01/03 11:43:12 | 000,640,512 | ---- | M] ()
64bit-(btwavdt) Bluetooth AVDT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwavdt.sys -> [2007/01/02 06:45:42 | 000,095,536 | ---- | M] ()
64bit-(btwaudio) Bluetooth Audio Device Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwaudio.sys -> [2007/01/02 06:45:42 | 000,086,832 | ---- | M] ()
64bit-(btwrchid) btwrchid [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\btwrchid.sys -> [2007/01/02 06:45:42 | 000,020,016 | ---- | M] ()
64bit-(eabfiltr) eabfiltr [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\eabfiltr64.sys -> [2006/11/30 13:26:06 | 000,012,800 | ---- | M] ()
64bit-(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\rixdpx64.sys -> [2006/11/18 09:07:48 | 000,055,296 | ---- | M] ()
64bit-(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\rimmpx64.sys -> [2006/11/17 13:49:52 | 000,052,224 | ---- | M] ()
64bit-(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\rimspx64.sys -> [2006/11/15 21:59:52 | 000,053,760 | ---- | M] ()
64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -> [2006/10/18 23:33:34 | 001,513,472 | ---- | M] ()
64bit-(CAXHWAZL) CAXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -> [2006/10/18 23:31:12 | 000,296,448 | ---- | M] ()
64bit-(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -> [2006/10/18 23:30:10 | 000,731,648 | ---- | M] ()
64bit-(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\nvm60x64.sys -> [2006/10/09 22:09:03 | 000,742,696 | ---- | M] ()
64bit-(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -> [2006/09/18 17:38:12 | 000,286,720 | ---- | M] ()
64bit-(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\xaudio64.sys -> [2006/08/05 05:42:48 | 000,009,728 | ---- | M] ()
64bit-(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\cpqbttn64.sys -> [2006/06/28 12:40:00 | 000,012,672 | ---- | M] ()
64bit-(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -> [2006/06/20 02:27:24 | 000,017,024 | ---- | M] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2007/08/14 21:44:43 | 000,001,088 | ---- | M] ()
(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\CSC -> [2007/04/21 08:17:15 | 000,000,000 | ---D | M]
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 17:36:40 | 000,003,066 | ---- | M] ()
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysWOW64\mdmxsdk.dll -> [2006/06/20 02:26:50 | 000,094,208 | ---- | M] (Conexant)
(SNP2UVC) USB2.0 PC Camera (SNP2UVC) [Kernel | On_Demand | Running] -> C:\Windows\snp2uvc.ini -> [2006/05/19 15:39:58 | 000,015,497 | ---- | M] ()
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 14:01:54 | 001,230,080 | ---- | M] ()
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 14:01:54 | 001,230,080 | ---- | M] ()
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> -> 
HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\: SearchURL\\"" -> http://search.alot.com/web?q=&pr=auto&client_id=6BB7F2E001C9D0C21CF7806D&src_id=11161&camp_id=508&tb_version=2.4.3.405 -> 
HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\FireFox\Profiles\p4y5xelg.default\prefs.js -> 
browser.search.defaultenginename -> "Yahoo! Search" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
browser.search.selectedEngine -> "Yahoo! Search" ->
browser.startup.homepage -> "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files (x86)\AVG\AVG9\Firefox [C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX] -> [2010/04/22 11:28:28 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected] [C:\PROGRAM FILES (X86)\AVG\AVG9\TOOLBAR\FIREFOX\[email protected]] -> [2009/11/14 18:15:16 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2010/03/14 19:46:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 2.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/05/04 10:24:02 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/03/14 19:46:23 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\extensions -> [2010/05/04 10:36:14 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/29 11:06:30 | 000,000,000 | ---D | M]
Google Toolbar for Firefox   -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(74) -> [2010/04/03 13:41:39 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 MySpace.xml -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\searchplugins\MySpace.xml -> [2008/12/12 14:23:54 | 000,002,158 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/05/04 11:32:27 | 000,000,000 | ---D | M]
Google Toolbar for Firefox   -> C:\Program Files (x86)\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2008/05/04 01:56:13 | 000,000,000 | ---D | M]
  -> C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] -> [2008/05/04 01:55:54 | 000,000,000 | ---D | M]
  -> C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] -> [2008/11/08 11:41:37 | 000,000,000 | ---D | M]
Hosts file not found -> -> 
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2010/02/03 00:03:29 | 000,373,872 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll [Google Toolbar Notifier BHO] -> [2010/02/03 00:10:30 | 000,319,984 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 17:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} [HKLM] -> C:\Program Files (x86)\alot\bin\alot.dll [ALOT Toolbar BHO] -> File not found
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/03/14 19:46:07 | 000,341,600 | ---- | M] (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgssie.dll [AVG Safe Search] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:52 | 000,198,136 | ---- | M] (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> [2007/04/21 10:02:00 | 000,501,384 | ---- | M] (Sun Microsystems, Inc.)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 14:01:54 | 001,230,080 | ---- | M] ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/03 00:03:10 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/03 00:10:30 | 000,812,528 | ---- | M] (Google Inc.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/02/03 00:03:29 | 000,373,872 | ---- | M] (Google Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 00:03:10 | 000,279,664 | ---- | M] (Google Inc.)
"{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}" [HKLM] -> C:\Program Files (x86)\alot\bin\alot.dll [ALOT Toolbar] -> File not found
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 14:01:54 | 001,230,080 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2007/09/05 17:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/02/03 00:03:29 | 000,373,872 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 00:03:10 | 000,279,664 | ---- | M] (Google Inc.)
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HP Health Check Scheduler" -> C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 07:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard)
"NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2007/01/14 01:40:00 | 009,797,120 | ---- | M] ()
"NvMediaCenter" -> C:\Windows\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2007/01/14 01:40:00 | 000,073,728 | ---- | M] ()
"NvSvc" -> C:\Windows\SysNative\nvsvc64.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc64.dll,nvsvcStart] -> [2007/01/14 01:40:00 | 000,057,344 | ---- | M] ()
"snp2uvc" -> C:\Windows\vsnp2uvc.exe [C:\Windows\vsnp2uvc.exe] -> [2008/08/01 20:10:54 | 000,675,840 | ---- | M] (Sonix)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 04:07:02 | 001,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated)
"AVG9_TRAY" -> C:\Program Files (x86)\AVG\AVG9\avgtray.exe [C:\PROGRA~2\AVG\AVG9\avgtray.exe] -> [2010/04/22 09:58:02 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
"HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 07:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard)
"TkBellExe" -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2010/03/14 19:44:23 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Launcher" -> C:\Windows\SMINST\Launcher.exe [%WINDIR%\SMINST\launcher.exe] -> [2006/11/07 20:39:18 | 000,044,128 | ---- | M] (soft thinks)
"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent] -> [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"MySpaceIM" -> C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe [C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"MySpaceIM" -> C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe [C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe] -> File not found
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/19 03:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/19 03:36:02 | 002,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/19 03:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/19 03:36:02 | 002,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SpybotSD TeaTimer" -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/02/21 11:03:29 | 000,039,408 | ---- | M] (Google Inc.)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
"YSearchProtection" -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe] -> [2007/06/08 10:59:38 | 000,224,248 | ---- | M] (Yahoo! Inc.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
\\"EnableLUA" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: @btrez.dll,-4015] -> [2006/10/26 19:28:50 | 000,005,601 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: @btrez.dll,-12650] -> [2006/10/26 19:28:50 | 000,005,601 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [Menu: Sun Java Console] -> [2007/04/21 10:02:00 | 000,501,384 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 16:33:52 | 000,198,136 | ---- | M] (Yahoo! Inc.)
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: Send To Bluetooth] -> [2006/10/26 19:28:50 | 000,005,601 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: Send to &Bluetooth Device...] -> [2006/10/26 19:28:50 | 000,005,601 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> 
{49232000-16E4-426C-A231-62846947304B} [HKLM] -> https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab [SysData Class] -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab [GMNRev Class] -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 209.18.47.61 209.18.47.62 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{A7D96788-74DB-414B-831C-B99B3DF95ECD}\\DhcpNameServer -> 209.18.47.61 209.18.47.62   (Broadcom 802.11a/b/g WLAN) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrssta.dll -> C:\Windows\SysNative\avgrssta.dll -> [2010/03/13 10:04:04 | 000,012,976 | ---- | M] ()
*MultiFile Done* -> -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{8FA30D23-AEB0-4958-85B0-75A46499AE59} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{068F0BD6-7B0E-438E-9E47-2029B227F551} -> profile=public | dir=in | action=allow | name=avgupd.exe | app=c:\program files (x86)\avg\avg8\avgupd.exe | 
{185835CE-99FF-4534-A0E5-1B5E15074B8C} -> profile=private | dir=in | action=allow | name=avgnsa.exe | app=c:\program files (x86)\avg\avg9\avgnsa.exe | 
{1EF881D3-AB9C-433C-93C3-B57E7375C22B} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{24AEE4C8-21D8-4355-986C-C4B7E591FF10} -> dir=in | action=allow | name=quick play | app=c:\program files (x86)\hp\quickplay\qp.exe | 
{2FA44839-7685-4B26-9408-D18CEBDFE0ED} -> dir=in | action=allow | name=myspaceim | app=c:\program files (x86)\myspace\im\myspaceim.exe | 
{3ACD4DF9-A81C-4CA0-BC49-6AC02D288A75} -> profile=public | protocol=17 | dir=in | action=allow | name=yahoo! ft server | app=c:\program files (x86)\yahoo!\messenger\yserver.exe | 
{409ADC6D-BC1C-49D4-A181-0499C20B7BE9} -> profile=public | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{61AF1129-6179-43B1-BD4E-2FF882F311BB} -> profile=public | protocol=6 | dir=in | action=allow | name=norton removal tool | app=c:\users\barry and diana\appdata\local\temp\7zsb7ca.tmp\symnrt.exe | 
{7716C6C4-D3C2-4D8A-B897-06CDC8C95F4C} -> profile=public | protocol=6 | dir=in | action=allow | name=yahoo! ft server | app=c:\program files (x86)\yahoo!\messenger\yserver.exe | 
{8B29F285-0E33-4FF2-B84C-4DE6F0A930E0} -> profile=private | protocol=6 | dir=in | action=allow | name=norton removal tool | app=c:\users\barry and diana\appdata\local\temp\7zs281a.tmp\symnrt.exe | 
{9DE5E60F-A766-4581-9DA9-55E7A5A39A96} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{BBA3DFF8-1CCE-4B4F-9935-B26A96EBD9E0} -> dir=in | action=allow | name=quick play resident program | app=c:\program files (x86)\hp\quickplay\qpservice.exe | 
{BE09D85A-74D2-4C1C-B245-173DB8DD0397} -> profile=private | protocol=17 | dir=in | action=allow | name=norton removal tool | app=c:\users\barry and diana\appdata\local\temp\7zs281a.tmp\symnrt.exe | 
{D6FF2512-3AC8-4337-AA51-A4BC24BBAAF6} -> profile=public | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{E24328FB-C15D-4508-A0FA-999EB864B8A3} -> profile=public | protocol=17 | dir=in | action=allow | name=norton removal tool | app=c:\users\barry and diana\appdata\local\temp\7zsb7ca.tmp\symnrt.exe | 
TCP Query User{662F1000-EAEA-469D-B1DE-1D1D1BCB3A17}C:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe -> profile=public | protocol=6 | dir=in | action=allow | name=wheel of fortune | app=c:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe | 
TCP Query User{B2C657D5-F467-4758-9D84-926E25056E48}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=private | protocol=6 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
UDP Query User{D80F8D96-C299-4A74-B341-82FF49E089CD}C:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe -> profile=public | protocol=17 | dir=in | action=allow | name=wheel of fortune | app=c:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe | 
UDP Query User{F39E125D-1D2E-4AEE-BFAB-05BF5EAAE655}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=private | protocol=17 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/19 02:29:04 | 000,079,872 | ---- | M] ()
< Drives with AutoRun files > ->  -> 
D:\AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ] -> D:\AUTOMODE [ NTFS ] -> [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Barry and Diana\Desktop\OTS.exe -> [2010/05/05 11:57:53 | 000,640,000 | ---- | C] (OldTimer Tools)
 Norton_Removal_Tool.exe -> C:\Users\Barry and Diana\Desktop\Norton_Removal_Tool.exe -> [2010/05/04 11:29:05 | 000,854,064 | ---- | C] (Symantec Corporation)
 Sun -> C:\Windows\Sun -> [2010/05/04 10:21:35 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2010/04/22 12:28:03 | 000,000,000 | ---D | C]
 HJTsetup.exe -> C:\Users\Barry and Diana\Desktop\HJTsetup.exe -> [2010/04/22 12:27:50 | 000,812,344 | ---- | C] (Trend Micro Inc.)
 AVG8 -> C:\Users\Barry and Diana\AppData\Roaming\AVG8 -> [2010/04/21 13:50:51 | 000,000,000 | ---D | C]
 SWF Studio -> C:\Program Files (x86)\Common Files\SWF Studio -> [2010/04/21 13:29:48 | 000,000,000 | ---D | C]
 Config.Msi -> C:\Config.Msi -> [2010/04/15 03:12:31 | 000,000,000 | -HSD | C]
 vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2010/04/14 07:23:55 | 000,420,352 | ---- | C] (Microsoft Corporation)
 l3codeca.acm -> C:\Windows\SysWow64\l3codeca.acm -> [2010/04/14 07:23:40 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
 cabview.dll -> C:\Windows\SysWow64\cabview.dll -> [2010/04/14 07:21:17 | 000,098,304 | ---- | C] (Microsoft Corporation)
 wintrust.dll -> C:\Windows\SysWow64\wintrust.dll -> [2010/04/14 07:21:12 | 000,171,520 | ---- | C] (Microsoft Corporation)
 
[Files/Folders - Modified Within 30 Days]
 ntuser.dat -> C:\Users\Barry and Diana\ntuser.dat -> [2010/05/05 11:58:35 | 007,602,176 | -HS- | M] ()
 OTS.exe -> C:\Users\Barry and Diana\Desktop\OTS.exe -> [2010/05/05 11:57:56 | 000,640,000 | ---- | M] (OldTimer Tools)
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 11:37:37 | 000,003,168 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 11:37:37 | 000,003,168 | -H-- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/05/05 11:29:00 | 000,000,898 | ---- | M] ()
 incavi.avm -> C:\Windows\SysNative\drivers\Avg\incavi.avm -> [2010/05/05 09:09:52 | 059,590,935 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/05/05 00:29:00 | 000,000,894 | ---- | M] ()
 User_Feed_Synchronization-{49483BE6-4234-4767-9DC1-FE066E7CB619}.job -> C:\Windows\tasks\User_Feed_Synchronization-{49483BE6-4234-4767-9DC1-FE066E7CB619}.job -> [2010/05/04 19:57:59 | 000,000,438 | -H-- | M] ()
 nvModes.dat -> C:\Users\Barry and Diana\AppData\Roaming\nvModes.dat -> [2010/05/04 19:37:27 | 000,033,321 | ---- | M] ()
 nvModes.001 -> C:\Users\Barry and Diana\AppData\Roaming\nvModes.001 -> [2010/05/04 19:37:27 | 000,033,321 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/04 19:37:11 | 000,067,584 | --S- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/05/04 11:37:28 | 000,690,960 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/05/04 11:37:28 | 000,595,684 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/05/04 11:37:28 | 000,101,350 | ---- | M] ()
 hpqp.ini -> C:\Users\Public\Documents\hpqp.ini -> [2010/05/04 11:32:34 | 000,000,152 | ---- | M] ()
 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/04 11:31:38 | 000,000,006 | -H-- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/05/04 11:31:26 | 2078,916,608 | -HS- | M] ()
 bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2010/05/04 11:30:23 | 000,000,012 | ---- | M] ()
 ntuser.dat{29a92851-3eb8-11df-b45f-001a6b7de373}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Barry and Diana\ntuser.dat{29a92851-3eb8-11df-b45f-001a6b7de373}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/04 11:30:19 | 000,524,288 | -HS- | M] ()
 ntuser.dat{29a92851-3eb8-11df-b45f-001a6b7de373}.TM.blf -> C:\Users\Barry and Diana\ntuser.dat{29a92851-3eb8-11df-b45f-001a6b7de373}.TM.blf -> [2010/05/04 11:30:19 | 000,065,536 | -HS- | M] ()
 IconCache.db -> C:\Users\Barry and Diana\AppData\Local\IconCache.db -> [2010/05/04 11:30:17 | 003,525,703 | -H-- | M] ()
 Norton_Removal_Tool.exe -> C:\Users\Barry and Diana\Desktop\Norton_Removal_Tool.exe -> [2010/05/04 11:29:03 | 000,854,064 | ---- | M] (Symantec Corporation)
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/05/02 15:05:41 | 000,445,152 | ---- | M] ()
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/04/29 15:39:28 | 000,024,664 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2010/04/29 03:30:00 | 000,002,025 | ---- | M] ()
 HPCeeScheduleForBarry and Diana.job -> C:\Windows\tasks\HPCeeScheduleForBarry and Diana.job -> [2010/04/28 03:25:59 | 000,000,374 | ---- | M] ()
 request.gzip -> C:\Windows\SysWow64\request.gzip -> [2010/04/25 14:47:11 | 000,001,130 | ---- | M] ()
 responseBody.xml -> C:\Windows\SysWow64\responseBody.xml -> [2010/04/25 14:47:11 | 000,000,134 | ---- | M] ()
 requestBody.xml -> C:\Windows\SysWow64\requestBody.xml -> [2010/04/25 14:47:10 | 000,002,650 | ---- | M] ()
 Resident Shield report April 23 2010.csv -> C:\Users\Barry and Diana\Documents\Resident Shield report April 23 2010.csv -> [2010/04/23 11:14:16 | 000,013,412 | ---- | M] ()
 hosts.20100428-165731.backup -> C:\Windows\SysNative\drivers\etc\hosts.20100428-165731.backup -> [2010/04/23 07:52:59 | 000,392,729 | R--- | M] ()
 HijackThis.lnk -> C:\Users\Barry and Diana\Desktop\HijackThis.lnk -> [2010/04/22 12:28:04 | 000,001,928 | ---- | M] ()
 HJTsetup.exe -> C:\Users\Barry and Diana\Desktop\HJTsetup.exe -> [2010/04/22 12:27:49 | 000,812,344 | ---- | M] (Trend Micro Inc.)
 avgtdia.sys -> C:\Windows\SysNative\drivers\avgtdia.sys -> [2010/04/22 09:57:56 | 000,317,520 | ---- | M] ()
 hosts.20100423-075259.backup -> C:\Windows\SysNative\drivers\etc\hosts.20100423-075259.backup -> [2010/04/20 13:02:09 | 000,391,971 | R--- | M] ()
 Letter to Bill Shreve of Rotary 2.doc -> C:\Users\Barry and Diana\Documents\Letter to Bill Shreve of Rotary 2.doc -> [2010/04/16 15:13:13 | 000,029,696 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Users\Barry and Diana\Desktop\Spybot - Search & Destroy.lnk -> [2010/04/08 12:10:58 | 000,001,097 | ---- | M] ()
 
[Files - No Company Name]
 IconCache.db -> C:\Users\Barry and Diana\AppData\Local\IconCache.db -> [2010/04/28 03:22:02 | 003,525,703 | -H-- | C] ()
 HPCeeScheduleForBarry and Diana.job -> C:\Windows\tasks\HPCeeScheduleForBarry and Diana.job -> [2010/04/25 14:46:41 | 000,000,374 | ---- | C] ()
 Resident Shield report April 23 2010.csv -> C:\Users\Barry and Diana\Documents\Resident Shield report April 23 2010.csv -> [2010/04/23 11:12:31 | 000,013,412 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/04/22 23:34:21 | 2078,916,608 | -HS- | C] ()
 HijackThis.lnk -> C:\Users\Barry and Diana\Desktop\HijackThis.lnk -> [2010/04/22 12:28:04 | 000,001,928 | ---- | C] ()
 responseBody.xml -> C:\Windows\SysWow64\responseBody.xml -> [2010/04/18 14:30:12 | 000,000,134 | ---- | C] ()
 requestBody.xml -> C:\Windows\SysWow64\requestBody.xml -> [2010/04/18 14:30:11 | 000,002,650 | ---- | C] ()
 request.gzip -> C:\Windows\SysWow64\request.gzip -> [2010/04/18 14:30:11 | 000,001,130 | ---- | C] ()
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/04/17 09:00:28 | 000,024,664 | ---- | C] ()
 Letter to Bill Shreve of Rotary 2.doc -> C:\Users\Barry and Diana\Documents\Letter to Bill Shreve of Rotary 2.doc -> [2010/04/16 15:13:11 | 000,029,696 | ---- | C] ()
 ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2010/04/14 07:24:01 | 004,690,832 | ---- | C] ()
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2010/04/14 07:23:55 | 000,612,864 | ---- | C] ()
 l3codeca.acm -> C:\Windows\SysNative\l3codeca.acm -> [2010/04/14 07:23:40 | 000,072,192 | ---- | C] ()
 cabview.dll -> C:\Windows\SysNative\cabview.dll -> [2010/04/14 07:21:17 | 000,104,960 | ---- | C] ()
 wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2010/04/14 07:21:12 | 000,218,112 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Users\Barry and Diana\Desktop\Spybot - Search & Destroy.lnk -> [2010/04/08 12:10:58 | 000,001,097 | ---- | C] ()
 hptcpmon.ini -> C:\Windows\SysWow64\hptcpmon.ini -> [2009/01/19 13:31:41 | 000,003,399 | R--- | C] ()
 agissi.dll -> C:\Windows\SysWow64\agissi.dll -> [2009/01/19 13:31:21 | 000,749,568 | R--- | C] ()
 zhhp_res.dll -> C:\Windows\SysWow64\zhhp_res.dll -> [2009/01/19 13:31:13 | 011,194,368 | R--- | C] ()
 vshp2600.dll -> C:\Windows\SysWow64\vshp2600.dll -> [2009/01/19 13:31:12 | 000,114,688 | R--- | C] ()
 hpntwksetup.ini -> C:\Windows\hpntwksetup.ini -> [2009/01/19 13:30:04 | 000,000,579 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/09/14 21:10:41 | 000,368,640 | ---- | C] ()
 tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/09/14 21:09:34 | 000,060,124 | ---- | C] ()
 px.ini -> C:\Windows\SysWow64\px.ini -> [2007/02/27 16:43:02 | 000,000,000 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\Windows\SysWow64\CddbPlaylist2Roxio.dll -> [2006/12/14 02:01:36 | 000,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\Windows\SysWow64\CddbFileTaggerRoxio.dll -> [2006/12/14 02:01:36 | 000,204,800 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 11:06:34 | 000,030,808 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 11:06:34 | 000,029,779 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 11:06:34 | 000,026,489 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 11:06:34 | 000,026,040 | ---- | C] ()
 snp2uvc.ini -> C:\Windows\snp2uvc.ini -> [2006/05/19 15:39:58 | 000,015,497 | ---- | C] ()
< End of report >
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
Since it looks like it didn't all get printed, I'll try to attach it.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Nothing showing in the OT log.

What problems exactly are you having now?
 

axagirl

Thread Starter
Joined
Mar 7, 2006
Messages
145
We've had no more problems since the April 21 date when the virus/worm infected the computer. I shut it down, booted in Safe Mode, ran AVG, MWB, and Spybot. The record of what was found is in the Resident Shield log I posted. There was a problem with a pop-up message about DEP when IE was opened for a day or so, but I reset IE to default settings and that stopped. I also changed the settings in the Resident Shield so that it stopped reporting each tracking cookie that showed up.

I was mainly concerned because I didn't understand why the Windows Defender "History" had messages about "unknown" threats that were "permitted" when neither my husband nor I was aware of "permitting" anything.

I've been keeping a close eye on everything since the problem occurred, running MWB and Spybot frequently. Yesterday, as per your advice, I ran the Kaspersky, then today, the OTS; I also removed the Norton AV from the computer as I was advised to do in a separate thread concerning my own laptop.

Do you think I should mark this thread "solved"?

Thank you SO much for all of your help!
 