
Problems with IE after virus and koobface worm

Discussion in 'Virus & Other Malware Removal' started by axagirl, Apr 21, 2010.

  1. axagirl

    axagirl Thread Starter

    Joined:
    Mar 7, 2006
    Messages:
    145
    Hello! Laptop is HP dv6000 running Vista Ultimate. My husband clicked on something on Facebook Saturday and got some Trojan Horse and Koobface worm problems. I was able to go into safe mode and run AVG, Malwarebytes, and Spybot S&D, which found and removed most of them. There were a couple that Resident Shield on AVG said "file is inaccessible" for.

    Since Saturday, Internet Explorer keeps shutting down, with a pop up saying that DEP is preventing it from working. I was on it today to check things out, and all at once the Vongo logo popped up in the middle of the screen. Nothing I tried to do got it to go away until I shut down the laptop. In safe mode, I ran the AVG and Malwarebytes scans, as well as Spybot. Nothing showed up.

    Tonight, IE kept repeatedly shutting down with the same DEP popup message. Resident Shield on AVG reported a tracking cookie "[email protected][2].txt". Scanned specific files with AVG, but found nothing. I removed some stuff from the temporary files that had contained one of the problems from Saturday. Am currently running Malwarebytes full scan on his laptop.

    Anyone have any suggestions?
     
  2. axagirl

    Am copying the log from Resident Shield on AVG. Does this mean the tracking cookie is in the Malwarebytes files? Also, in opening Mozilla Firefox instead of IE on this (my husband's laptop), it just found another tracking cookie "on opening" Firefox. Can anyone help?

    "Found Tracking cookie.Trafficmp";"C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\cookies.txt";"";"4/21/2010, 10:36:56 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt";"";"4/21/2010, 10:36:51 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Found Tracking cookie.Questionmarket";"C:\Users\Barry and Diana\AppData\Local\Temp\Low\Cookies\[email protected][2].txt";"";"4/21/2010, 10:36:14 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Found Tracking cookie.Atdmt";"C:\Users\Barry and Diana\AppData\Local\Temp\Low\Cookies\[email protected][1].txt";"";"4/21/2010, 10:36:14 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt";"";"4/21/2010, 9:28:51 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    "Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt";"";"4/21/2010, 9:15:44 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    "Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt";"";"4/21/2010, 8:59:01 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    "Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt";"";"4/21/2010, 8:58:50 PM";"file";"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe"
    "Trojan horse Dropper.Generic2.BBN";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4V7WE49\p[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:54 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse Proxy.AJZW";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8493GKJ6\ws[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:38 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse Generic17.AOPG";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NBEUGZ9\hostsgb3[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:24 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Virus identified Worm/Koobface.Y";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0970BX69\v2captcha21[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:20 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse FakeAlert.LF";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8493GKJ6\hitin[1].htm";"Object is inaccessible.";"4/17/2010, 9:42:56 AM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic2.BBN";"C:\Users\Barry and Diana\AppData\Local\rdr_1271507557.exe";"Moved to Virus Vault";"4/17/2010, 9:42:56 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse Proxy.AJZW";"C:\Users\Barry and Diana\AppData\Local\Temp\zpskon_1271514297.exe";"Moved to Virus Vault";"4/17/2010, 8:37:42 AM";"file";"C:\Windows\bill107.exe"
    "Trojan horse Generic17.AOPG";"C:\Users\Barry and Diana\AppData\Local\Temp\zpskon_1271519055.exe";"Moved to Virus Vault";"4/17/2010, 8:37:41 AM";"file";"C:\Windows\bill107.exe"
    "Virus identified Worm/Koobface.Y";"C:\Users\Barry and Diana\AppData\Local\rdr_1271507860.exe";"Moved to Virus Vault";"4/17/2010, 8:37:41 AM";"file";"C:\Windows\bill107.exe"
    "Trojan horse Dropper.Generic2.BBN";"C:\Users\Barry and Diana\AppData\Local\rdr_1271507557.exe";"Object is inaccessible.";"4/17/2010, 8:32:40 AM";"file";"C:\Windows\bill107.exe"
     
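A worked example added here by the editor (it is not code from any post in this thread, and not an AVG tool): a Python triage script for the Resident Shield export format shown above. Each line has six double-quoted, semicolon-separated fields: detection name, file path, action taken, timestamp, object type, and the process that was handling the file when Resident Shield fired. The script drops tracking-cookie noise, lists the detections AVG could not act on ("Object is inaccessible."), orders the real detections by time, and groups them by handling process, so that a process which is neither the scanner nor the browser stands out. In the log above the process column names C:\Windows\bill107.exe for several of the dropped executables, and a non-standard executable sitting directly under C:\Windows is worth checking in its own right. The sample lines are copied from the log above; the set of "expected" handler processes (mbam.exe and iexplore.exe) is an assumption made for this example.

```python
import csv
import io
import ntpath
from collections import defaultdict
from datetime import datetime

# Constructed sample input: six lines copied from the Resident Shield log in the post above.
# Field order per line: detection, path, action, timestamp, object type, handling process.
SAMPLE_LOG = r'''"Found Tracking cookie.Yieldmanager";"C:\Users\Barry and Diana\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt";"";"4/21/2010, 9:28:51 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic2.BBN";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4V7WE49\p[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:54 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Virus identified Worm/Koobface.Y";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0970BX69\v2captcha21[1].exe";"Moved to Virus Vault";"4/17/2010, 9:43:20 AM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse FakeAlert.LF";"C:\Users\Barry and Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8493GKJ6\hitin[1].htm";"Object is inaccessible.";"4/17/2010, 9:42:56 AM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"Trojan horse Proxy.AJZW";"C:\Users\Barry and Diana\AppData\Local\Temp\zpskon_1271514297.exe";"Moved to Virus Vault";"4/17/2010, 8:37:42 AM";"file";"C:\Windows\bill107.exe"
"Trojan horse Dropper.Generic2.BBN";"C:\Users\Barry and Diana\AppData\Local\rdr_1271507557.exe";"Object is inaccessible.";"4/17/2010, 8:32:40 AM";"file";"C:\Windows\bill107.exe"
'''

FIELDS = ("detection", "path", "action", "timestamp", "object_type", "process")
REMEDIATED = {"Moved to Virus Vault"}
# Assumption for this example: the processes expected to touch infected files are the scanner
# that quarantines them and the browser that downloaded them. Anything else handling the file
# is a candidate for being the dropper itself.
EXPECTED_HANDLERS = {"mbam.exe", "iexplore.exe"}


def parse_avg_log(text):
    """Parse Resident Shield's semicolon-separated, double-quoted export into dicts."""
    events = []
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) != len(FIELDS):
            continue  # blank or malformed line
        ev = dict(zip(FIELDS, row))
        ev["when"] = datetime.strptime(ev["timestamp"], "%m/%d/%Y, %I:%M:%S %p")
        ev["is_cookie"] = ev["detection"].startswith("Found Tracking cookie")
        ev["remediated"] = ev["action"] in REMEDIATED
        events.append(ev)
    return events


def triage(events):
    """Drop cookie noise, list what AVG could not act on, and group the real detections
    by the process that handled the file, oldest event first."""
    real = sorted((e for e in events if not e["is_cookie"]), key=lambda e: e["when"])
    handlers = defaultdict(set)
    for e in real:
        handlers[e["process"]].add(e["detection"])
    return {
        "cookies": sum(1 for e in events if e["is_cookie"]),
        "real": len(real),
        "first_seen": (real[0]["detection"], real[0]["process"]) if real else None,
        "unresolved": [(e["detection"], e["path"], e["action"]) for e in real if not e["remediated"]],
        "handlers": {p: sorted(d) for p, d in handlers.items()},
    }


def suspicious_handlers(report):
    """Processes that handled a detected file but are neither the scanner nor the browser."""
    return sorted(p for p in report["handlers"]
                  if ntpath.basename(p).lower() not in EXPECTED_HANDLERS)


if __name__ == "__main__":
    report = triage(parse_avg_log(SAMPLE_LOG))
    print(f"{report['cookies']} tracking cookies ignored, {report['real']} real detections")
    print("earliest real detection:", report["first_seen"])
    for det, path, action in report["unresolved"]:
        print(f"NOT CLEANED: {det} -> {path} ({action})")
    print("processes to investigate:", suspicious_handlers(report))
```

On the sample the earliest real event is the Dropper.Generic2.BBN hit handled by bill107.exe, two detections were never quarantined, and bill107.exe is the one handler that is neither mbam.exe nor iexplore.exe. Run it against the full export by reading the saved log file into `parse_avg_log` instead of `SAMPLE_LOG`.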
  3. axagirl

    Here's the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:28:26 PM, on 4/22/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Windows\vsnp2uvc.exe
    C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\AVG\AVG9\avgui.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=au...src_id=11161&camp_id=508&tb_version=2.4.3.405
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\alot.dll (file missing)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (file missing)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKLM\..\RunOnce: [MySpaceIMDelete] "C:\Windows\system32\CMD.exe" /q /c rmdir /q /s "C:\Program Files (x86)\MySpace\IM"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Vongo Tray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1ca93ebf6b8b9af) (gupdate1ca93ebf6b8b9af) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files (x86)\Vongo\VongoService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 16780 bytes
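A second added example (editor's code, not from any post in this thread and not from Trend Micro): a parser for the HijackThis line formats above that applies the checks a malware helper does by eye. It pulls out orphaned add-ons (BHOs, toolbars, URLSearchHooks and protocol handlers marked "(file missing)" or "(no file)", which is what an uninstall or a scanner deletion leaves behind), search and start-page URLs that still point at the vendor of an orphaned add-on (the search.alot.com SearchURL beside the missing alot.dll), Run keys under the SYSTEM and .DEFAULT hives, and services grouped by owner (Symantec and AVG are both present as real-time products, which the poster later addresses by running the Norton removal tool). Two caveats matter when reading this log. DEP closing IE is commonly the result of a crashing add-on loaded into iexplore.exe, so the O2/O3 list is where to look first. And this HijackThis is a 32-bit program on 64-bit Vista, so WOW64 file-system redirection keeps it from seeing the real System32; its "(file missing)" on system services such as alg.exe and lsass.exe is an artefact of that, and the OTS log later in the thread lists those services present under SysNative. The sample lines are copied from the log above; the vendor-token match between orphaned add-ons and search hosts is a heuristic of mine.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample input: a subset of lines copied from the HijackThis log in the post above.
SAMPLE_HJT = r'''R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=au...src_id=11161&camp_id=508&tb_version=2.4.3.405
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\alot.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
'''

LINE_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
# "<kind>: <name> - {CLSID} - <path>"; HJT leaves the CLSID empty for nameless hooks ("(no name) - - (no file)")
ADDON_RE = re.compile(r"^(?P<kind>BHO|Toolbar|URLSearchHook|Protocol): (?P<name>.+?) - "
                      r"(?P<clsid>\*?\{[0-9A-Fa-f-]{36}\}|)\s?- (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
IE_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]*?)\s*=\s*(?P<data>.*)$")
MISSING = ("(file missing)", "(no file)")


def parse_hjt(text):
    """Split an HJT log into IE settings (R0/R1), add-ons (R3/O2/O3/O18), Run keys (O4)
    and services (O23). Lines of other types are ignored."""
    items = {"ie": [], "addons": [], "runs": [], "services": []}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("type"), m.group("body")
        if kind == "O23":
            parts = body.split(": ", 1)[1].rsplit(" - ", 2)  # name - owner - path
            if len(parts) == 3:
                items["services"].append(dict(zip(("name", "owner", "path"), parts)))
        elif kind == "O4" and (m2 := RUN_RE.match(body)):
            items["runs"].append(m2.groupdict())
        elif kind in ("R0", "R1") and (m2 := IE_RE.match(body)):
            items["ie"].append(m2.groupdict())
        elif (m2 := ADDON_RE.match(body)):
            items["addons"].append(m2.groupdict())
    return items


def orphaned_addons(items):
    """Add-ons whose registration survives but whose DLL is gone."""
    return [(a["kind"], a["name"]) for a in items["addons"] if a["path"].endswith(MISSING)]


def missing_services(items):
    """'(file missing)' services. A 32-bit HJT on 64-bit Windows is redirected away from the
    real System32 by WOW64, so anything under system32 is usually unseen rather than absent."""
    out = {"likely_wow64_artefact": [], "investigate": []}
    for s in items["services"]:
        if s["path"].endswith("(file missing)"):
            bucket = "likely_wow64_artefact" if "\\system32\\" in s["path"].lower() else "investigate"
            out[bucket].append(s["name"])
    return out


def search_hosts(items):
    """Hosts referenced by IE start/search settings."""
    return sorted({urlsplit(e["data"]).hostname for e in items["ie"] if e["data"].startswith("http")})


def orphaned_search_hosts(items):
    """Heuristic (mine): search hosts sharing a vendor token with an orphaned add-on,
    e.g. a search.alot.com URL left behind after alot.dll was removed."""
    tokens = {name.split()[0].lower() for _, name in orphaned_addons(items)}
    tokens = {t for t in tokens if t.isalnum()}  # drops "(no" from "(no name)"
    return sorted(h for h in search_hosts(items) if any(t in h.split(".") for t in tokens))


def run_entries_for_system_accounts(items):
    """Run keys under HKUS\\S-1-5-18 (SYSTEM) and HKUS\\.DEFAULT fire before any user logs in."""
    return [(r["hive"], r["name"], r["cmd"]) for r in items["runs"] if r["hive"].startswith("HKUS\\")]


def service_owners(items):
    """Service count per vendor; two AV vendors at once means two real-time scanners."""
    return Counter(s["owner"] for s in items["services"])


if __name__ == "__main__":
    items = parse_hjt(SAMPLE_HJT)
    print("orphaned add-ons:", orphaned_addons(items))
    print("missing services:", missing_services(items))
    print("search hosts tied to orphaned add-ons:", orphaned_search_hosts(items))
    print("Run keys for system accounts:", run_entries_for_system_accounts(items))
    print("service owners:", dict(service_owners(items)))
```

Feed the whole saved HJT log to `parse_hjt` to get the same report for the full listing; the `missing_services` split is only a hint, and anything it puts under `investigate` still needs the file checked by hand.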
     
  4. axagirl

    Anyone out there? Just wondering if anyone has any ideas about these issues. Thanks.
     
  5. axagirl

    Additional info: Windows Defender has 4 messages in its history since all this happened. It says the threat is "unknown" and that the action done was "permit." No one has permitted anything to my knowledge. One of the "resources" states:

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL

    Otherwise, the computer has been working fine since the actions I took above.

    Anyone know if this is something that's a problem? Thanks.
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    * Run the Kaspersky online virus scan: Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    Select "Spyware, Adware, Dialers and other potentially dangerous programs" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!

    Note: Kavscan is a scanner only & won't fix anything, but will normally find the most infected files, so its report gives us a good place to work from.

    If that won't run then
    Run an online antivirus check from one of the following sites

    http://www.eset.com/online-scanner
    http://www.pandasoftware.com/activescan/
    http://www.bitdefender.com/scan8/ie.html
     
  7. axagirl

    Thanks! Sorry this is taking so long. First the Kavscan didn't work b/c I was using Google Chrome. Then it wouldn't work b/c I didn't run Mozilla as an administrator. Then (I assume) it didn't work b/c Norton AV was also running on this laptop, so I just followed the instructions on my other thread for running Norton removal. Now I'm going to disconnect AVG and try this again!
     
  8. axagirl

    Now, once again the "viruses, worms, Trojans, and rootkits" box is checked, but grayed out, and it still won't let me select that box. I'm going to try to run it while I wait for further advice.
     
  9. axagirl

    The scan has run for an hour and a half, but is only 16% complete. Also, whenever I began to run the Kavscan, a message came up saying the site had an incomplete signature (at least I think that was the wording) and asked if I wanted to run it anyway.
     
  10. axagirl

    OK...the scan finally finished, and it said no threats were found. Any further advice? Thanks!
     
  11. dvk01

    Download OTScanIt.exe to your Desktop
    • Close any open browsers.
    • If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
    • Double-click on OTS.exe to start the program.
    • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  12. axagirl

    OK...here's the Notepad report. I'll see if it'll copy here.

    Code:
    OTS logfile created on: 5/5/2010 11:58:42 AM - Run 1
    OTS by OldTimer - Version 3.1.31.0     Folder = C:\Users\Barry and Diana\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18904)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.27 Gb Total Space | 78.96 Gb Free Space | 56.69% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 2.23 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: BARRYANDDIANA
    Current User Name: Barry and Diana
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Users\Barry and Diana\Desktop\OTS.exe -> [2010/05/05 11:57:56 | 000,640,000 | ---- | M] (OldTimer Tools)
    avgtray.exe -> C:\Program Files (x86)\AVG\AVG9\avgtray.exe -> [2010/04/22 09:58:02 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
    realsched.exe -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe -> [2010/03/14 19:44:23 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
    avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -> [2010/03/13 10:03:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
    teatimer.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
    onenotem.exe -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE -> [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation)
    sdwinsec.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
    vsnp2uvc.exe -> C:\Windows\vsnp2uvc.exe -> [2008/08/01 20:10:54 | 000,675,840 | ---- | M] (Sonix)
    searchprotection.exe -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe -> [2007/06/08 10:59:38 | 000,224,248 | ---- | M] (Yahoo! Inc.)
    clsched.exe -> C:\Program Files (x86)\Hp\QuickPlay\Kernel\TV\CLSched.exe -> [2007/03/28 20:45:38 | 000,118,877 | ---- | M] ()
    clcapsvc.exe -> C:\Program Files (x86)\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/03/28 20:45:34 | 000,270,431 | ---- | M] ()
    bluetoothheadsetproxy.exe -> C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe -> [2006/12/20 13:32:56 | 000,014,640 | ---- | M] (Broadcom Corporation.)
     
    [Modules - Safe List]
    ots.exe -> C:\Users\Barry and Diana\Desktop\OTS.exe -> [2010/05/05 11:57:56 | 000,640,000 | ---- | M] (OldTimer Tools)
    rpchromebrowserrecordhelper.dll -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll -> [2010/03/14 19:46:07 | 000,040,960 | ---- | M] ()
    comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2008/01/19 03:33:58 | 000,450,048 | ---- | M] (Microsoft Corporation)
    msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation)
    comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation)
    msvcp71.dll -> C:\Windows\SysWOW64\msvcp71.dll -> [2003/03/18 20:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation)
    msvcr71.dll -> C:\Windows\SysWOW64\msvcr71.dll -> [2003/02/21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation)
     
    [Win32 Services - Safe List]
    64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation)
    64bit-(UmRdpService)  [On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2008/01/19 04:04:21 | 000,252,928 | ---- | M] ()
    64bit-(CscService)  [Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2008/01/19 04:01:11 | 000,598,016 | ---- | M] ()
    64bit-(AppMgmt)  [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2008/01/19 04:00:52 | 000,195,584 | ---- | M] ()
    64bit-(wbengine)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2008/01/19 04:00:43 | 001,147,904 | ---- | M] ()
    64bit-(Fax)  [On_Demand | Stopped] -> C:\Windows\SysNative\fxssvc.exe -> [2008/01/19 04:00:17 | 000,689,152 | ---- | M] ()
    64bit-(BthServ)  [Auto | Running] -> C:\Windows\SysNative\bthserv.dll -> [2006/11/02 07:16:35 | 000,051,200 | ---- | M] ()
    64bit-(XAudioService)  [Auto | Running] -> C:\Windows\SysNative\DRIVERS\xaudio64.exe -> [2006/08/05 05:48:30 | 000,410,624 | ---- | M] ()
    (avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -> [2010/03/13 10:03:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (SBSDWSCService) SBSD Security Center Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
    (clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation)
    (Vongo Service) Vongo Service [On_Demand | Stopped] -> C:\Program Files (x86)\Vongo\VongoService.exe -> [2007/03/29 13:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC)
    (CLSched) CyberLink Task Scheduler (CTS) [Auto | Running] -> C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe -> [2007/03/28 20:45:38 | 000,118,877 | ---- | M] ()
    (CLCapSvc) CyberLink Background Capture Service (CBCS) [Auto | Running] -> C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/03/28 20:45:34 | 000,270,431 | ---- | M] ()
    (MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
    (vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M] ()
    (VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 02:35:15 | 000,055,846 | ---- | M] ()
    (IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation)
     
    [Driver Services - Safe List]
    64bit-(AvgTdiA) AVG Free Network Redirector x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\avgtdia.sys -> [2010/04/22 09:57:56 | 000,317,520 | ---- | M] ()
    64bit-(AvgMfx64) AVG On-access Scanner Minifilter Driver x64 [File_System | System | Running] -> C:\Windows\SysNative\Drivers\avgmfx64.sys -> [2010/03/13 10:04:04 | 000,035,464 | ---- | M] ()
    64bit-(AvgLdx64) AVG AVI Loader Driver x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\avgldx64.sys -> [2010/03/13 10:02:48 | 000,269,320 | ---- | M] ()
    64bit-(SNP2UVC) USB2.0 PC Camera (SNP2UVC) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\snp2uvc.sys -> [2009/06/09 17:16:06 | 003,557,376 | ---- | M] ()
    64bit-(BTHPORT) Bluetooth Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BTHport.sys -> [2008/04/28 22:10:55 | 000,276,480 | ---- | M] ()
    64bit-(BTHUSB) Bluetooth Radio USB Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\BTHUSB.sys -> [2008/04/28 22:10:51 | 000,034,304 | ---- | M] ()
    64bit-(fvevol) BitLocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\fvevol.sys -> [2008/01/19 04:10:43 | 000,161,848 | ---- | M] ()
    64bit-(BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\bthpan.sys -> [2008/01/19 02:34:19 | 000,115,712 | ---- | M] ()
    64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/19 02:34:14 | 000,168,704 | ---- | M] ()
    64bit-(RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rfcomm.sys -> [2008/01/19 02:34:13 | 000,062,976 | ---- | M] ()
    64bit-(BthEnum) Bluetooth Enumerator Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\BthEnum.sys -> [2008/01/19 02:34:13 | 000,023,040 | ---- | M] ()
    64bit-(sdbus) sdbus [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\sdbus.sys -> [2008/01/19 02:02:55 | 000,111,104 | ---- | M] ()
    64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2008/01/19 02:02:42 | 000,017,792 | ---- | M] ()
    64bit-(CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\csc.sys -> [2008/01/19 01:55:40 | 000,460,800 | ---- | M] ()
    64bit-(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDART64.sys -> [2007/02/22 12:25:40 | 000,189,440 | ---- | M] ()
    64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\PxHlpa64.sys -> [2007/02/02 06:00:00 | 000,052,856 | ---- | M] ()
    64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\SynTP.sys -> [2007/01/12 23:59:08 | 000,297,272 | ---- | M] ()
    64bit-(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\bcmwl664.sys -> [2007/01/03 11:43:12 | 000,640,512 | ---- | M] ()
    64bit-(BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\bcmwl664.sys -> [2007/01/03 11:43:12 | 000,640,512 | ---- | M] ()
    64bit-(btwavdt) Bluetooth AVDT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwavdt.sys -> [2007/01/02 06:45:42 | 000,095,536 | ---- | M] ()
    64bit-(btwaudio) Bluetooth Audio Device Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwaudio.sys -> [2007/01/02 06:45:42 | 000,086,832 | ---- | M] ()
    64bit-(btwrchid) btwrchid [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\btwrchid.sys -> [2007/01/02 06:45:42 | 000,020,016 | ---- | M] ()
    64bit-(eabfiltr) eabfiltr [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\eabfiltr64.sys -> [2006/11/30 13:26:06 | 000,012,800 | ---- | M] ()
    64bit-(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\rixdpx64.sys -> [2006/11/18 09:07:48 | 000,055,296 | ---- | M] ()
    64bit-(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\rimmpx64.sys -> [2006/11/17 13:49:52 | 000,052,224 | ---- | M] ()
    64bit-(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\rimspx64.sys -> [2006/11/15 21:59:52 | 000,053,760 | ---- | M] ()
    64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -> [2006/10/18 23:33:34 | 001,513,472 | ---- | M] ()
    64bit-(CAXHWAZL) CAXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -> [2006/10/18 23:31:12 | 000,296,448 | ---- | M] ()
    64bit-(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -> [2006/10/18 23:30:10 | 000,731,648 | ---- | M] ()
    64bit-(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\nvm60x64.sys -> [2006/10/09 22:09:03 | 000,742,696 | ---- | M] ()
    64bit-(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -> [2006/09/18 17:38:12 | 000,286,720 | ---- | M] ()
    64bit-(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\xaudio64.sys -> [2006/08/05 05:42:48 | 000,009,728 | ---- | M] ()
    64bit-(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\cpqbttn64.sys -> [2006/06/28 12:40:00 | 000,012,672 | ---- | M] ()
    64bit-(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -> [2006/06/20 02:27:24 | 000,017,024 | ---- | M] ()
    (mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2007/08/14 21:44:43 | 000,001,088 | ---- | M] ()
    (CSC) Offline Files Driver [Kernel | System | Running] -> C:\Windows\CSC -> [2007/04/21 08:17:15 | 000,000,000 | ---D | M]
    (Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 17:36:40 | 000,003,066 | ---- | M] ()
    (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysWOW64\mdmxsdk.dll -> [2006/06/20 02:26:50 | 000,094,208 | ---- | M] (Conexant)
    (SNP2UVC) USB2.0 PC Camera (SNP2UVC) [Kernel | On_Demand | Running] -> C:\Windows\snp2uvc.ini -> [2006/05/19 15:39:58 | 000,015,497 | ---- | M] ()
     
    [Registry - Safe List]
    < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop -> 
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
    HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 14:01:54 | 001,230,080 | ---- | M] ()
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 14:01:54 | 001,230,080 | ---- | M] ()
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> -> 
    HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
    HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
    HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\: SearchURL\\"" -> http://search.alot.com/web?q=&pr=auto&client_id=6BB7F2E001C9D0C21CF7806D&src_id=11161&camp_id=508&tb_version=2.4.3.405 -> 
    HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\: "ProxyEnable" -> 0 -> 
    < FireFox Settings [Prefs.js] > -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\FireFox\Profiles\p4y5xelg.default\prefs.js -> 
    browser.search.defaultenginename -> "Yahoo! Search" ->
    browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
    browser.search.selectedEngine -> "Yahoo! Search" ->
    browser.startup.homepage -> "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files (x86)\AVG\AVG9\Firefox [C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX] -> [2010/04/22 11:28:28 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected] [C:\PROGRAM FILES (X86)\AVG\AVG9\TOOLBAR\FIREFOX\[email protected]] -> [2009/11/14 18:15:16 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2010/03/14 19:46:08 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 2.0\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/05/04 10:24:02 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/03/14 19:46:23 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > -> 
      -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\extensions -> [2010/05/04 10:36:14 | 000,000,000 | ---D | M]
    Microsoft .NET Framework Assistant   -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/29 11:06:30 | 000,000,000 | ---D | M]
    Google Toolbar for Firefox   -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(74) -> [2010/04/03 13:41:39 | 000,000,000 | ---D | M]
    < FireFox SearchPlugins [User Folders] > -> 
     MySpace.xml -> C:\Users\Barry and Diana\AppData\Roaming\Mozilla\Firefox\Profiles\p4y5xelg.default\searchplugins\MySpace.xml -> [2008/12/12 14:23:54 | 000,002,158 | ---- | M] ()
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/05/04 11:32:27 | 000,000,000 | ---D | M]
    Google Toolbar for Firefox   -> C:\Program Files (x86)\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2008/05/04 01:56:13 | 000,000,000 | ---D | M]
      -> C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] -> [2008/05/04 01:55:54 | 000,000,000 | ---D | M]
      -> C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] -> [2008/11/08 11:41:37 | 000,000,000 | ---D | M]
    Hosts file not found -> -> 
    < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2010/02/03 00:03:29 | 000,373,872 | ---- | M] (Google Inc.)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll [Google Toolbar Notifier BHO] -> [2010/02/03 00:10:30 | 000,319,984 | ---- | M] (Google Inc.)
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 17:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
    {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} [HKLM] -> C:\Program Files (x86)\alot\bin\alot.dll [ALOT Toolbar BHO] -> File not found
    {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2010/03/14 19:46:07 | 000,341,600 | ---- | M] (RealPlayer)
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgssie.dll [AVG Safe Search] -> File not found
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:52 | 000,198,136 | ---- | M] (Yahoo! Inc.)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> [2007/04/21 10:02:00 | 000,501,384 | ---- | M] (Sun Microsystems, Inc.)
    {A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 14:01:54 | 001,230,080 | ---- | M] ()
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/03 00:03:10 | 000,279,664 | ---- | M] (Google Inc.)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/03 00:10:30 | 000,812,528 | ---- | M] (Google Inc.)
    < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/02/03 00:03:29 | 000,373,872 | ---- | M] (Google Inc.)
    "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 00:03:10 | 000,279,664 | ---- | M] (Google Inc.)
    "{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}" [HKLM] -> C:\Program Files (x86)\alot\bin\alot.dll [ALOT Toolbar] -> File not found
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 14:01:54 | 001,230,080 | ---- | M] ()
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2007/09/05 17:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
    "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2010/02/03 00:03:29 | 000,373,872 | ---- | M] (Google Inc.)
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 00:03:10 | 000,279,664 | ---- | M] (Google Inc.)
    WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "HP Health Check Scheduler" -> C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 07:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard)
    "NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2007/01/14 01:40:00 | 009,797,120 | ---- | M] ()
    "NvMediaCenter" -> C:\Windows\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2007/01/14 01:40:00 | 000,073,728 | ---- | M] ()
    "NvSvc" -> C:\Windows\SysNative\nvsvc64.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc64.dll,nvsvcStart] -> [2007/01/14 01:40:00 | 000,057,344 | ---- | M] ()
    "snp2uvc" -> C:\Windows\vsnp2uvc.exe [C:\Windows\vsnp2uvc.exe] -> [2008/08/01 20:10:54 | 000,675,840 | ---- | M] (Sonix)
    "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 04:07:02 | 001,584,184 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated)
    "AVG9_TRAY" -> C:\Program Files (x86)\AVG\AVG9\avgtray.exe [C:\PROGRA~2\AVG\AVG9\avgtray.exe] -> [2010/04/22 09:58:02 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
    "HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 07:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard)
    "TkBellExe" -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2010/03/14 19:44:23 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
    < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
    "Launcher" -> C:\Windows\SMINST\Launcher.exe [%WINDIR%\SMINST\launcher.exe] -> [2006/11/07 20:39:18 | 000,044,128 | ---- | M] (soft thinks)
    "Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent] -> [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation)
    < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "MySpaceIM" -> C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe [C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe] -> File not found
    < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "MySpaceIM" -> C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe [C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe] -> File not found
    < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/19 03:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation)
    "WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/19 03:36:02 | 002,153,472 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/19 03:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation)
    "WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/19 03:36:02 | 002,153,472 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "SpybotSD TeaTimer" -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
    "swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/02/21 11:03:29 | 000,039,408 | ---- | M] (Google Inc.)
    "WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
    "YSearchProtection" -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe] -> [2007/06/08 10:59:38 | 000,224,248 | ---- | M] (Yahoo! Inc.)
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoActiveDesktop" ->  [1] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
    \\"EnableLUA" ->  [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: @btrez.dll,-4015] -> [2006/10/26 19:28:50 | 000,005,601 | ---- | M] ()
    {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: @btrez.dll,-12650] -> [2006/10/26 19:28:50 | 000,005,601 | ---- | M] ()
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [Menu: Sun Java Console] -> [2007/04/21 10:02:00 | 000,501,384 | ---- | M] (Sun Microsystems, Inc.)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 16:33:52 | 000,198,136 | ---- | M] (Yahoo! Inc.)
    {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: Send To Bluetooth] -> [2006/10/26 19:28:50 | 000,005,601 | ---- | M] ()
    {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: Send to &Bluetooth Device...] -> [2006/10/26 19:28:50 | 000,005,601 | ---- | M] ()
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
    < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7001 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\] > -> HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-2202879018-2374627474-3343927548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> 
    {49232000-16E4-426C-A231-62846947304B} [HKLM] -> https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab [SysData Class] -> 
    {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab [GMNRev Class] -> 
    {8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> 
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 209.18.47.61 209.18.47.62 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {A7D96788-74DB-414B-831C-B99B3DF95ECD}\\DhcpNameServer -> 209.18.47.61 209.18.47.62   (Broadcom 802.11a/b/g WLAN) -> 
    IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    "MaxScriptStatements" -> Reg Error: Invalid data type.
    "Use My Stylesheet" -> Reg Error: Invalid data type.
    < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
    64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
    avgrssta.dll -> C:\Windows\SysNative\avgrssta.dll -> [2010/03/13 10:04:04 | 000,012,976 | ---- | M] ()
    *MultiFile Done* -> -> 
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
    {8FA30D23-AEB0-4958-85B0-75A46499AE59} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
    {068F0BD6-7B0E-438E-9E47-2029B227F551} -> profile=public | dir=in | action=allow | name=avgupd.exe | app=c:\program files (x86)\avg\avg8\avgupd.exe | 
    {185835CE-99FF-4534-A0E5-1B5E15074B8C} -> profile=private | dir=in | action=allow | name=avgnsa.exe | app=c:\program files (x86)\avg\avg9\avgnsa.exe | 
    {1EF881D3-AB9C-433C-93C3-B57E7375C22B} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    {24AEE4C8-21D8-4355-986C-C4B7E591FF10} -> dir=in | action=allow | name=quick play | app=c:\program files (x86)\hp\quickplay\qp.exe | 
    {2FA44839-7685-4B26-9408-D18CEBDFE0ED} -> dir=in | action=allow | name=myspaceim | app=c:\program files (x86)\myspace\im\myspaceim.exe | 
    {3ACD4DF9-A81C-4CA0-BC49-6AC02D288A75} -> profile=public | protocol=17 | dir=in | action=allow | name=yahoo! ft server | app=c:\program files (x86)\yahoo!\messenger\yserver.exe | 
    {409ADC6D-BC1C-49D4-A181-0499C20B7BE9} -> profile=public | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
    {61AF1129-6179-43B1-BD4E-2FF882F311BB} -> profile=public | protocol=6 | dir=in | action=allow | name=norton removal tool | app=c:\users\barry and diana\appdata\local\temp\7zsb7ca.tmp\symnrt.exe | 
    {7716C6C4-D3C2-4D8A-B897-06CDC8C95F4C} -> profile=public | protocol=6 | dir=in | action=allow | name=yahoo! ft server | app=c:\program files (x86)\yahoo!\messenger\yserver.exe | 
    {8B29F285-0E33-4FF2-B84C-4DE6F0A930E0} -> profile=private | protocol=6 | dir=in | action=allow | name=norton removal tool | app=c:\users\barry and diana\appdata\local\temp\7zs281a.tmp\symnrt.exe | 
    {9DE5E60F-A766-4581-9DA9-55E7A5A39A96} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    {BBA3DFF8-1CCE-4B4F-9935-B26A96EBD9E0} -> dir=in | action=allow | name=quick play resident program | app=c:\program files (x86)\hp\quickplay\qpservice.exe | 
    {BE09D85A-74D2-4C1C-B245-173DB8DD0397} -> profile=private | protocol=17 | dir=in | action=allow | name=norton removal tool | app=c:\users\barry and diana\appdata\local\temp\7zs281a.tmp\symnrt.exe | 
    {D6FF2512-3AC8-4337-AA51-A4BC24BBAAF6} -> profile=public | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
    {E24328FB-C15D-4508-A0FA-999EB864B8A3} -> profile=public | protocol=17 | dir=in | action=allow | name=norton removal tool | app=c:\users\barry and diana\appdata\local\temp\7zsb7ca.tmp\symnrt.exe | 
    TCP Query User{662F1000-EAEA-469D-B1DE-1D1D1BCB3A17}C:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe -> profile=public | protocol=6 | dir=in | action=allow | name=wheel of fortune | app=c:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe | 
    TCP Query User{B2C657D5-F467-4758-9D84-926E25056E48}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=private | protocol=6 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
    UDP Query User{D80F8D96-C299-4A74-B341-82FF49E089CD}C:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe -> profile=public | protocol=17 | dir=in | action=allow | name=wheel of fortune | app=c:\program files (x86)\hp games\wheel of fortune\wheel of fortune.exe | 
    UDP Query User{F39E125D-1D2E-4AEE-BFAB-05BF5EAAE655}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=private | protocol=17 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/19 02:29:04 | 000,079,872 | ---- | M] ()
    < Drives with AutoRun files > ->  -> 
    D:\AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ] -> D:\AUTOMODE [ NTFS ] -> [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    64bit-comfile [open] -> "%1" %* -> File not found
    64bit-exefile [open] -> "%1" %* -> File not found
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
     
     
    [Files/Folders - Created Within 30 Days]
     OTS.exe -> C:\Users\Barry and Diana\Desktop\OTS.exe -> [2010/05/05 11:57:53 | 000,640,000 | ---- | C] (OldTimer Tools)
     Norton_Removal_Tool.exe -> C:\Users\Barry and Diana\Desktop\Norton_Removal_Tool.exe -> [2010/05/04 11:29:05 | 000,854,064 | ---- | C] (Symantec Corporation)
     Sun -> C:\Windows\Sun -> [2010/05/04 10:21:35 | 000,000,000 | ---D | C]
     Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2010/04/22 12:28:03 | 000,000,000 | ---D | C]
     HJTsetup.exe -> C:\Users\Barry and Diana\Desktop\HJTsetup.exe -> [2010/04/22 12:27:50 | 000,812,344 | ---- | C] (Trend Micro Inc.)
     AVG8 -> C:\Users\Barry and Diana\AppData\Roaming\AVG8 -> [2010/04/21 13:50:51 | 000,000,000 | ---D | C]
     SWF Studio -> C:\Program Files (x86)\Common Files\SWF Studio -> [2010/04/21 13:29:48 | 000,000,000 | ---D | C]
     Config.Msi -> C:\Config.Msi -> [2010/04/15 03:12:31 | 000,000,000 | -HSD | C]
     vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2010/04/14 07:23:55 | 000,420,352 | ---- | C] (Microsoft Corporation)
     l3codeca.acm -> C:\Windows\SysWow64\l3codeca.acm -> [2010/04/14 07:23:40 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS)
     cabview.dll -> C:\Windows\SysWow64\cabview.dll -> [2010/04/14 07:21:17 | 000,098,304 | ---- | C] (Microsoft Corporation)
     wintrust.dll -> C:\Windows\SysWow64\wintrust.dll -> [2010/04/14 07:21:12 | 000,171,520 | ---- | C] (Microsoft Corporation)
     
    [Files/Folders - Modified Within 30 Days]
     ntuser.dat -> C:\Users\Barry and Diana\ntuser.dat -> [2010/05/05 11:58:35 | 007,602,176 | -HS- | M] ()
     OTS.exe -> C:\Users\Barry and Diana\Desktop\OTS.exe -> [2010/05/05 11:57:56 | 000,640,000 | ---- | M] (OldTimer Tools)
     7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 11:37:37 | 000,003,168 | -H-- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/05 11:37:37 | 000,003,168 | -H-- | M] ()
     GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/05/05 11:29:00 | 000,000,898 | ---- | M] ()
     incavi.avm -> C:\Windows\SysNative\drivers\Avg\incavi.avm -> [2010/05/05 09:09:52 | 059,590,935 | ---- | M] ()
     GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/05/05 00:29:00 | 000,000,894 | ---- | M] ()
     User_Feed_Synchronization-{49483BE6-4234-4767-9DC1-FE066E7CB619}.job -> C:\Windows\tasks\User_Feed_Synchronization-{49483BE6-4234-4767-9DC1-FE066E7CB619}.job -> [2010/05/04 19:57:59 | 000,000,438 | -H-- | M] ()
     nvModes.dat -> C:\Users\Barry and Diana\AppData\Roaming\nvModes.dat -> [2010/05/04 19:37:27 | 000,033,321 | ---- | M] ()
     nvModes.001 -> C:\Users\Barry and Diana\AppData\Roaming\nvModes.001 -> [2010/05/04 19:37:27 | 000,033,321 | ---- | M] ()
     bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/04 19:37:11 | 000,067,584 | --S- | M] ()
     PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/05/04 11:37:28 | 000,690,960 | ---- | M] ()
     perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/05/04 11:37:28 | 000,595,684 | ---- | M] ()
     perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/05/04 11:37:28 | 000,101,350 | ---- | M] ()
     hpqp.ini -> C:\Users\Public\Documents\hpqp.ini -> [2010/05/04 11:32:34 | 000,000,152 | ---- | M] ()
     SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/04 11:31:38 | 000,000,006 | -H-- | M] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2010/05/04 11:31:26 | 2078,916,608 | -HS- | M] ()
     bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2010/05/04 11:30:23 | 000,000,012 | ---- | M] ()
     ntuser.dat{29a92851-3eb8-11df-b45f-001a6b7de373}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Barry and Diana\ntuser.dat{29a92851-3eb8-11df-b45f-001a6b7de373}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/04 11:30:19 | 000,524,288 | -HS- | M] ()
     ntuser.dat{29a92851-3eb8-11df-b45f-001a6b7de373}.TM.blf -> C:\Users\Barry and Diana\ntuser.dat{29a92851-3eb8-11df-b45f-001a6b7de373}.TM.blf -> [2010/05/04 11:30:19 | 000,065,536 | -HS- | M] ()
     IconCache.db -> C:\Users\Barry and Diana\AppData\Local\IconCache.db -> [2010/05/04 11:30:17 | 003,525,703 | -H-- | M] ()
     Norton_Removal_Tool.exe -> C:\Users\Barry and Diana\Desktop\Norton_Removal_Tool.exe -> [2010/05/04 11:29:03 | 000,854,064 | ---- | M] (Symantec Corporation)
     FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/05/02 15:05:41 | 000,445,152 | ---- | M] ()
     mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
     mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/04/29 15:39:28 | 000,024,664 | ---- | M] ()
     Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2010/04/29 03:30:00 | 000,002,025 | ---- | M] ()
     HPCeeScheduleForBarry and Diana.job -> C:\Windows\tasks\HPCeeScheduleForBarry and Diana.job -> [2010/04/28 03:25:59 | 000,000,374 | ---- | M] ()
     request.gzip -> C:\Windows\SysWow64\request.gzip -> [2010/04/25 14:47:11 | 000,001,130 | ---- | M] ()
     responseBody.xml -> C:\Windows\SysWow64\responseBody.xml -> [2010/04/25 14:47:11 | 000,000,134 | ---- | M] ()
     requestBody.xml -> C:\Windows\SysWow64\requestBody.xml -> [2010/04/25 14:47:10 | 000,002,650 | ---- | M] ()
     Resident Shield report April 23 2010.csv -> C:\Users\Barry and Diana\Documents\Resident Shield report April 23 2010.csv -> [2010/04/23 11:14:16 | 000,013,412 | ---- | M] ()
     hosts.20100428-165731.backup -> C:\Windows\SysNative\drivers\etc\hosts.20100428-165731.backup -> [2010/04/23 07:52:59 | 000,392,729 | R--- | M] ()
     HijackThis.lnk -> C:\Users\Barry and Diana\Desktop\HijackThis.lnk -> [2010/04/22 12:28:04 | 000,001,928 | ---- | M] ()
     HJTsetup.exe -> C:\Users\Barry and Diana\Desktop\HJTsetup.exe -> [2010/04/22 12:27:49 | 000,812,344 | ---- | M] (Trend Micro Inc.)
     avgtdia.sys -> C:\Windows\SysNative\drivers\avgtdia.sys -> [2010/04/22 09:57:56 | 000,317,520 | ---- | M] ()
     hosts.20100423-075259.backup -> C:\Windows\SysNative\drivers\etc\hosts.20100423-075259.backup -> [2010/04/20 13:02:09 | 000,391,971 | R--- | M] ()
     Letter to Bill Shreve of Rotary 2.doc -> C:\Users\Barry and Diana\Documents\Letter to Bill Shreve of Rotary 2.doc -> [2010/04/16 15:13:13 | 000,029,696 | ---- | M] ()
     Spybot - Search & Destroy.lnk -> C:\Users\Barry and Diana\Desktop\Spybot - Search & Destroy.lnk -> [2010/04/08 12:10:58 | 000,001,097 | ---- | M] ()
     
    [Files - No Company Name]
     IconCache.db -> C:\Users\Barry and Diana\AppData\Local\IconCache.db -> [2010/04/28 03:22:02 | 003,525,703 | -H-- | C] ()
     HPCeeScheduleForBarry and Diana.job -> C:\Windows\tasks\HPCeeScheduleForBarry and Diana.job -> [2010/04/25 14:46:41 | 000,000,374 | ---- | C] ()
     Resident Shield report April 23 2010.csv -> C:\Users\Barry and Diana\Documents\Resident Shield report April 23 2010.csv -> [2010/04/23 11:12:31 | 000,013,412 | ---- | C] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2010/04/22 23:34:21 | 2078,916,608 | -HS- | C] ()
     HijackThis.lnk -> C:\Users\Barry and Diana\Desktop\HijackThis.lnk -> [2010/04/22 12:28:04 | 000,001,928 | ---- | C] ()
     responseBody.xml -> C:\Windows\SysWow64\responseBody.xml -> [2010/04/18 14:30:12 | 000,000,134 | ---- | C] ()
     requestBody.xml -> C:\Windows\SysWow64\requestBody.xml -> [2010/04/18 14:30:11 | 000,002,650 | ---- | C] ()
     request.gzip -> C:\Windows\SysWow64\request.gzip -> [2010/04/18 14:30:11 | 000,001,130 | ---- | C] ()
     mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/04/17 09:00:28 | 000,024,664 | ---- | C] ()
     Letter to Bill Shreve of Rotary 2.doc -> C:\Users\Barry and Diana\Documents\Letter to Bill Shreve of Rotary 2.doc -> [2010/04/16 15:13:11 | 000,029,696 | ---- | C] ()
     ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2010/04/14 07:24:01 | 004,690,832 | ---- | C] ()
     vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2010/04/14 07:23:55 | 000,612,864 | ---- | C] ()
     l3codeca.acm -> C:\Windows\SysNative\l3codeca.acm -> [2010/04/14 07:23:40 | 000,072,192 | ---- | C] ()
     cabview.dll -> C:\Windows\SysNative\cabview.dll -> [2010/04/14 07:21:17 | 000,104,960 | ---- | C] ()
     wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2010/04/14 07:21:12 | 000,218,112 | ---- | C] ()
     Spybot - Search & Destroy.lnk -> C:\Users\Barry and Diana\Desktop\Spybot - Search & Destroy.lnk -> [2010/04/08 12:10:58 | 000,001,097 | ---- | C] ()
     hptcpmon.ini -> C:\Windows\SysWow64\hptcpmon.ini -> [2009/01/19 13:31:41 | 000,003,399 | R--- | C] ()
     agissi.dll -> C:\Windows\SysWow64\agissi.dll -> [2009/01/19 13:31:21 | 000,749,568 | R--- | C] ()
     zhhp_res.dll -> C:\Windows\SysWow64\zhhp_res.dll -> [2009/01/19 13:31:13 | 011,194,368 | R--- | C] ()
     vshp2600.dll -> C:\Windows\SysWow64\vshp2600.dll -> [2009/01/19 13:31:12 | 000,114,688 | R--- | C] ()
     hpntwksetup.ini -> C:\Windows\hpntwksetup.ini -> [2009/01/19 13:30:04 | 000,000,579 | ---- | C] ()
     msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/09/14 21:10:41 | 000,368,640 | ---- | C] ()
     tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/09/14 21:09:34 | 000,060,124 | ---- | C] ()
     px.ini -> C:\Windows\SysWow64\px.ini -> [2007/02/27 16:43:02 | 000,000,000 | ---- | C] ()
     CddbPlaylist2Roxio.dll -> C:\Windows\SysWow64\CddbPlaylist2Roxio.dll -> [2006/12/14 02:01:36 | 000,520,192 | ---- | C] ()
     CddbFileTaggerRoxio.dll -> C:\Windows\SysWow64\CddbFileTaggerRoxio.dll -> [2006/12/14 02:01:36 | 000,204,800 | ---- | C] ()
     GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 11:06:34 | 000,030,808 | ---- | C] ()
     GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 11:06:34 | 000,029,779 | ---- | C] ()
     GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 11:06:34 | 000,026,489 | ---- | C] ()
     GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 11:06:34 | 000,026,040 | ---- | C] ()
     snp2uvc.ini -> C:\Windows\snp2uvc.ini -> [2006/05/19 15:39:58 | 000,015,497 | ---- | C] ()
    < End of report >
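The parts of the OTS log above that matter most for a persistence check are the exefile/comfile launch commands and .exe/.com associations ("Registry Shell Spawning" and "File Associations", all showing the stock `"%1" %*`), the Winlogon Shell value (only explorer.exe under C:\Windows) and AppInit_DLLs (one AVG DLL, avgrssta.dll). The script below is an added example and is not part of this thread or of OldTimer's OTS tool: it parses those sections in the log's own "key -> value -> details" text format and flags anything that differs from the Windows defaults. Both embedded reports are constructed for the example. The first mirrors the clean entries in the log above; the second shows what the same sections look like when the shell and the .exe launch command have been hijacked, using a placeholder file name that does not come from the thread. Treating avgrssta.dll as allowed is an assumption based on the poster's AV being AVG, not a signature check.

```python
"""Triage the persistence sections of an OTS-style report (added example)."""
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str, str]         # (key, value, trailer) from "key -> value -> trailer"
Finding = Tuple[str, str, str, str]  # (section, key, value, reason)

# Stock Windows values for the hijack points this script checks.
EXPECTED_LAUNCH_CMD = '"%1" %*'    # exefile/comfile shell\open\command
EXPECTED_SHELL = {"explorer.exe"}  # Winlogon\Shell
ARROW = re.compile(r"\s*->\s*")


def parse_sections(report: str) -> Dict[str, List[Entry]]:
    """Split an OTS report into {section name: [(key, value, trailer), ...]}."""
    sections: Dict[str, List[Entry]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("< ") and ">" in line:  # "< Section name > -> root key ->"
            current = line[2:line.index(">")].strip()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        parts = ARROW.split(line)
        if len(parts) >= 2:
            trailer = parts[2].strip() if len(parts) > 2 else ""
            sections[current].append((parts[0].strip(), parts[1].strip(), trailer))
    return sections


def check_report(report: str, appinit_allowlist=()) -> List[Finding]:
    """Flag every entry in the hijack-point sections that is not the default."""
    allow = {d.lower() for d in appinit_allowlist}
    findings: List[Finding] = []
    for name, entries in parse_sections(report).items():
        if "Shell Spawning" in name or "File Associations" in name:
            # Anything but "%1" %* runs a wrapper in front of every .exe/.com.
            for key, value, _ in entries:
                if value != EXPECTED_LAUNCH_CMD:
                    findings.append((name, key, value, "launch command hijacked"))
        elif "Winlogon settings" in name:
            # OTS lists the files of a multi-file value between *Name* and *MultiFile Done*.
            value_name = None
            for key, value, _ in entries:
                if key.endswith("*MultiFile Done*"):
                    value_name = None
                elif key.endswith("*"):
                    value_name = key.split("*")[-2].lower()
                elif value_name == "shell" and (
                    key.lower() not in EXPECTED_SHELL
                    or not value.lower().startswith("c:\\windows\\")
                ):
                    findings.append((name, key, value, "extra or relocated shell"))
        elif "AppInit_DLLs" in name:
            # Every DLL here is loaded into every process that links user32.dll.
            for key, value, _ in entries:
                if key.lower().endswith(".dll") and key.lower() not in allow:
                    findings.append((name, key, value, "AppInit DLL not on allowlist"))
    return findings


# Constructed sample; the values mirror the clean entries in the thread's log.
CLEAN_REPORT = r"""
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrssta.dll -> C:\Windows\SysNative\avgrssta.dll -> [2010/03/13 10:04:04 | 000,012,976 | ---- | M] ()
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
"""

# Constructed sample of a hijacked machine; "placeholder-hijack.exe" is a
# made-up name for the example, not anything seen in the thread.
HIJACKED_REPORT = r"""
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation)
placeholder-hijack.exe -> C:\Users\Public\placeholder-hijack.exe -> [2010/01/01 00:00:00 | 000,045,056 | ---- | M] ()
*MultiFile Done* -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "C:\Users\Public\placeholder-hijack.exe" "%1" %* ->
"""

if __name__ == "__main__":
    for label, report in (("clean", CLEAN_REPORT), ("hijacked", HIJACKED_REPORT)):
        print(f"== {label} ==")
        for section, key, value, reason in check_report(report, appinit_allowlist=("avgrssta.dll",)):
            print(f"  [{reason}] {section}: {key} -> {value}")
```

Run it against a saved OTS.txt by reading the file into `check_report`; an empty result for the spawning, association and Winlogon sections means those hijack points hold the defaults, while anything listed under AppInit_DLLs still deserves a look at the DLL's publisher even when it is on the allowlist.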
    
     
  13. axagirl

    axagirl Thread Starter

    Joined:
    Mar 7, 2006
    Messages:
    145
    Since it looks like it didn't all get printed, I'll try to attach it.
     

    Attached Files:

    • OTS.Txt
      File size:
      109.9 KB
      Views:
      3
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
Nothing showing in the OT log.

What problems exactly are you having now?
     
  15. axagirl

    axagirl Thread Starter

    Joined:
    Mar 7, 2006
    Messages:
    145
    We've had no more problems since the April 21 date when the virus/worm infected the computer. I shut it down, booted in Safe Mode, ran AVG, MWB, and Spybot. The record of what was found is in the Resident Shield log I posted. There was a problem with a pop-up message about DEP when IE was opened for a day or so, but I reset IE to default settings and that stopped. I also changed the settings in the Resident Shield so that it stopped reporting each tracking cookie that showed up.

    I was mainly concerned b/c I didn't understand why the Windows Defender "History" had messages about "unknown" threats that were "permitted" when neither my husband nor I was aware of "permitting" anything.

I've been keeping a close eye on everything since the problem occurred, running MWB and Spybot frequently. Yesterday, as per your advice, I ran the Kaspersky, then today, the OTS; also removed the Norton AV from the computer as I was advised to do in a separate thread concerning my own laptop.

    Do you think I should mark this thread "solved"?

    Thank you SO much for all of your help!
     
Short URL to this thread: https://techguy.org/918439