Windows MSREMOVAL Done, but still having issues


Post by bhuz80 on Sat 09 Apr 2011, 7:05 am

First, I appreciate all the help that all of you provide, and can never say thank you enough. This morning I contracted the MSREMOVAL virus and used the Malwarebytes removal, and it worked, but I think something is still infecting my computer, as my desktop files and wallpaper haven't come back. If anyone can help or has any suggestions, I'd greatly appreciate it. Thank you.

bhuz80

Newbie Surfer

Posts : 8
Joined : 2011-04-09
Operating System : windows vista


Re: Windows MSREMOVAL Done, but still having issues

Post by Belahzur on Sat 09 Apr 2011, 8:07 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Windows MSREMOVAL Done, but still having issues

Post by bhuz80 on Sat 09 Apr 2011, 8:45 am

OTL logfile created on: 4/8/2011 5:28:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 243.12 Gb Free Space | 84.65% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: BRETT | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 17:27:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2011/03/24 20:28:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\ccSvcHst.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/10/20 20:50:12 | 000,995,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/10/20 20:50:10 | 000,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/06/04 18:41:22 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/05/19 01:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/24 19:09:36 | 000,169,296 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
PRC - [2009/03/03 04:46:13 | 000,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/02/12 18:52:44 | 000,161,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\platformdependent\ProToolbarComm.exe
PRC - [2008/11/06 13:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/08/14 07:08:59 | 000,181,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 17:27:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
MOD - [2011/03/24 18:41:57 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\asOEHook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.2.1\ccSvcHst.exe -- (N360)
SRV - [2009/10/20 20:50:10 | 000,711,248 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/09/03 21:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/03 20:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/06/04 18:41:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/03/03 04:46:13 | 000,341,256 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/08/14 07:08:59 | 000,181,584 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe -- (Security Activity Dashboard Service)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 17:04:34 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/08 01:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110408.002\navex15.sys -- (NAVEX15)
DRV - [2011/04/08 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/08 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110408.002\naveng.sys -- (NAVENG)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110407.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/02/25 17:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/12/01 00:23:59 | 000,330,360 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SYMTDIV.SYS -- (SYMTDIV)
DRV - [2010/11/22 23:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 23:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 21:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500020.001\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 21:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SYMDS.SYS -- (SymDS)
DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/12/04 12:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 12:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 12:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/04/11 01:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/04/02 19:08:54 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 19:08:52 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 19:08:48 | 000,153,104 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/03/03 19:12:44 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/03/03 19:12:40 | 000,256,528 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/03/03 19:12:40 | 000,145,424 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2008/06/29 10:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/10 14:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.2.0.1073
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5


FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/01/21 21:21:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/04/08 17:06:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn\ [2011/04/08 17:04:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 20:28:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 20:28:20 | 000,000,000 | ---D | M]

[2010/11/20 18:14:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2009/05/31 19:57:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/08 17:13:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\rf4bhe3t.default\extensions
[2010/11/20 20:58:22 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\rf4bhe3t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/08 17:27:00 | 000,002,469 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\rf4bhe3t.default\searchplugins\safesearch.xml
[2010/11/21 19:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 21:53:33 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 10:43:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/21 19:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/21 21:21:39 | 000,000,000 | ---D | M] (Trend Micro Toolbar) -- C:\PROGRAM FILES\TREND MICRO\TRENDSECURE\TISPROTOOLBAR\FIREFOXEXTENSION
[2011/04/08 17:04:02 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN
[2011/04/08 17:06:35 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.0.2.1\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} [You must be registered and logged in to see this link.] (Cisco SSL VPN Relay Loader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2010e7b2-d34f-11df-8e96-001f167c653a}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{2010e7b2-d34f-11df-8e96-001f167c653a}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{21f04b74-411b-11de-98fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{21f04b74-411b-11de-98fb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.EXE
O33 - MountPoints2\{3ed70ffd-5aa9-11de-813b-001f167c653a}\Shell\AutoRun\command - "" = G:\BACKUP\RESTORE\driver.exe
O33 - MountPoints2\{3ed70ffd-5aa9-11de-813b-001f167c653a}\Shell\open\command - "" = G:\BACKUP\RESTORE\driver.exe
O33 - MountPoints2\{456bb210-e976-11de-bc09-001f167c653a}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{456bb210-e976-11de-bc09-001f167c653a}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{8387587e-9a70-11df-a53e-001f167c653a}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe
O33 - MountPoints2\{8387587e-9a70-11df-a53e-001f167c653a}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/08 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Symantec
[2011/04/08 17:04:34 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/08 17:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/08 17:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/08 17:04:18 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\SymEFA.sys
[2011/04/08 17:04:18 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\SymDS.sys
[2011/04/08 17:04:18 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\symtdiv.sys
[2011/04/08 17:04:18 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\symnets.sys
[2011/04/08 17:04:18 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\srtspx.sys
[2011/04/08 17:04:17 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\srtsp.sys
[2011/04/08 17:04:17 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\Ironx86.sys
[2011/04/08 17:04:13 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/04/08 17:04:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/04/08 17:04:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500020.001
[2011/04/08 17:04:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/04/08 17:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/04/08 17:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/08 17:00:29 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/04/08 16:26:51 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/08 14:22:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2011/04/08 14:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 14:21:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/08 14:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/08 14:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/08 14:13:41 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\owner\Documents\HitmanPro35.exe
[2011/04/08 12:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\bDo06511cGgLi06511
[2011/03/22 20:48:04 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/22 20:48:03 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/13 13:31:07 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Buster
[2011/03/10 15:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/03/09 22:43:20 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 22:43:20 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 22:43:20 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 22:43:20 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/04/08 17:22:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/08 17:22:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/08 17:07:32 | 000,000,841 | ---- | M] () -- C:\Users\owner\Desktop\Norton Installation Files.lnk
[2011/04/08 17:06:03 | 002,273,830 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500020.001\Cat.DB
[2011/04/08 17:04:34 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/08 17:04:34 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/08 17:04:34 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/08 17:04:24 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/04/08 16:53:04 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/04/08 16:52:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/08 16:52:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/08 16:52:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/08 16:52:08 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/08 16:46:23 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/08 16:34:43 | 000,249,344 | -H-- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:26:51 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/08 15:29:42 | 000,007,728 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2011/04/08 14:21:40 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 14:13:44 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\owner\Documents\HitmanPro35.exe
[2011/04/08 12:31:54 | 000,000,328 | ---- | M] () -- C:\ProgramData\40230664
[2011/04/08 12:17:12 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81DF0410-A309-445F-ABE2-78B65F0F3C8A}.job
[2011/04/02 14:36:10 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
[2011/03/24 22:20:17 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500020.001\isolate.ini
[2011/03/23 13:31:08 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/23 13:31:08 | 000,106,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/15 22:15:01 | 005,511,168 | -H-- | M] () -- C:\Users\owner\Documents\Glee - Get it right (full song + lyrics).mp3
[2011/03/15 22:13:23 | 025,404,654 | -H-- | M] () -- C:\Users\owner\Documents\Glee - Get it right (full song + lyrics).mp4
[2011/03/10 15:31:48 | 000,320,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/04/08 17:05:22 | 002,273,830 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\Cat.DB
[2011/04/08 17:04:34 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/08 17:04:34 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/08 17:04:24 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/04/08 17:04:05 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\symnetv.cat
[2011/04/08 17:04:05 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\iron.cat
[2011/04/08 17:04:05 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymNet.cat
[2011/04/08 17:04:05 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymEFA.cat
[2011/04/08 17:04:05 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtspx.cat
[2011/04/08 17:04:05 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymDS.cat
[2011/04/08 17:04:05 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtsp.cat
[2011/04/08 17:04:05 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymEFA.inf
[2011/04/08 17:04:05 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymDS.inf
[2011/04/08 17:04:05 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymNetV.inf
[2011/04/08 17:04:05 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymNet.inf
[2011/04/08 17:04:05 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtspx.inf
[2011/04/08 17:04:05 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtsp.inf
[2011/04/08 17:04:05 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\Iron.inf
[2011/04/08 17:04:05 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\isolate.ini
[2011/04/08 17:00:29 | 000,000,841 | ---- | C] () -- C:\Users\owner\Desktop\Norton Installation Files.lnk
[2011/04/08 15:31:23 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/08 14:21:40 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 12:31:54 | 000,000,328 | ---- | C] () -- C:\ProgramData\40230664
[2011/03/15 22:14:31 | 005,511,168 | -H-- | C] () -- C:\Users\owner\Documents\Glee - Get it right (full song + lyrics).mp3
[2011/03/15 22:13:21 | 025,404,654 | -H-- | C] () -- C:\Users\owner\Documents\Glee - Get it right (full song + lyrics).mp4
[2010/11/21 17:50:54 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/09/17 17:26:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 17:26:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/19 19:18:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/14 20:18:09 | 000,000,198 | -H-- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2009/05/25 00:36:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/24 14:46:59 | 000,249,344 | -H-- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/24 14:23:40 | 000,007,728 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2009/04/22 10:30:04 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/23 05:56:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/06 16:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/07/06 16:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/29 10:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,320,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,608,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,114 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >


Re: Windows MSREMOVAL Done, but still having issues

Post by bhuz80 on Sat 09 Apr 2011, 8:46 am

OTL Extras logfile created on: 4/8/2011 5:28:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 243.12 Gb Free Space | 84.65% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: BRETT | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{156C07E9-2E8D-4052-B148-8608FB350CB9}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2D15B18B-A78A-40D3-9DCE-F11683C27295}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{3053D97C-241E-4AC5-9170-CB3FF8399023}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3FA20132-ADC0-41B8-B627-E197734163A7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{6488101D-70EA-4629-8042-C5282E5D84F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{65C8DAC8-45A1-4166-9861-EC3141411376}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{83766235-776A-44E7-A9D3-8B63EA8C4A18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A7B20BC-B835-489B-AC3E-ABAC9E49E76C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{952185E7-41AC-4C08-B30B-40E0372067E7}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{AD41AC96-2700-4014-AA4D-1F415F0E5E1E}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B6C9E6C6-8994-4AC6-90CC-8BF1917082AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC1A7BB1-6CC4-4F0A-A1EE-D2871AD68718}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{DE097E99-4B3F-48C0-A1EA-B921E11D8FD3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{EB8CCFCC-BD21-4CE1-A252-7EAB2EEA361D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{387515B8-9C1F-4888-85C5-E16FF7D189E7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A7932412-F345-4918-BF10-8CB5B271D613}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{E453663B-C970-4BC1-8A15-4DDBC935B5BC}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{8D164CFA-F6B5-46EC-949A-1B9D43839B13}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{DBB875E5-06AC-42D9-95BA-C70984C86BD7}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{DFA35D2D-3901-435B-8D5D-1C1FBB9960AC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security Pro
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Any Video Converter_is1" = Any Video Converter 3.0.1
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"N360" = Norton 360
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Re: Windows MSREMOVAL Done, but still having issues

Post by Belahzur on Sun 10 Apr 2011, 5:33 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Windows MSREMOVAL Done, but still having issues

Post by bhuz80 on Sun 10 Apr 2011, 11:50 am

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6319

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/9/2011 8:49:37 PM
mbam-log-2011-04-09 (20-49-37).txt

Scan type: Quick scan
Objects scanned: 158829
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Windows MSREMOVAL Done, but still having issues

Post by Belahzur on Mon 11 Apr 2011, 1:07 am

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: Windows MSREMOVAL Done, but still having issues

Post by bhuz80 on Mon 11 Apr 2011, 5:29 am

ComboFix 11-04-09.01 - owner 04/10/2011 13:56:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.2212 [GMT -4:00]
Running from: c:\users\owner\Documents\commy.exe
AV: Trend Micro Internet Security Pro *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\service
c:\windows\system32\service\01012011_TIS17_SfFniAU.log
c:\windows\system32\service\01022011_TIS17_SfFniAU.log
c:\windows\system32\service\01032010_TIS17_SfFniAU.log
c:\windows\system32\service\01072009_TIS17_SfFniAU.log
c:\windows\system32\service\01072010_TIS17_SfFniAU.log
c:\windows\system32\service\01082010_TIS17_SfFniAU.log
c:\windows\system32\service\01092009_TIS17_SfFniAU.log
c:\windows\system32\service\01092010_TIS17_SfFniAU.log
c:\windows\system32\service\01102009_TIS17_SfFniAU.log
c:\windows\system32\service\01102010_TIS17_SfFniAU.log
c:\windows\system32\service\01112009_TIS17_SfFniAU.log
c:\windows\system32\service\02012011_TIS17_SfFniAU.log
c:\windows\system32\service\02022010_TIS17_SfFniAU.log
c:\windows\system32\service\02022011_TIS17_SfFniAU.log
c:\windows\system32\service\02032011_TIS17_SfFniAU.log
c:\windows\system32\service\02042011_TIS17_SfFniAU.log
c:\windows\system32\service\02062010_TIS17_SfFniAU.log
c:\windows\system32\service\02072009_TIS17_SfFniAU.log
c:\windows\system32\service\02082009_TIS17_SfFniAU.log
c:\windows\system32\service\02092009_TIS17_SfFniAU.log
c:\windows\system32\service\02092010_TIS17_SfFniAU.log
c:\windows\system32\service\02102009_TIS17_SfFniAU.log
c:\windows\system32\service\02112010_TIS17_SfFniAU.log
c:\windows\system32\service\02122010_TIS17_SfFniAU.log
c:\windows\system32\service\03032010_TIS17_SfFniAU.log
c:\windows\system32\service\03032011_TIS17_SfFniAU.log
c:\windows\system32\service\03062010_TIS17_SfFniAU.log
c:\windows\system32\service\03072009_TIS17_SfFniAU.log
c:\windows\system32\service\03072010_TIS17_SfFniAU.log
c:\windows\system32\service\03082009_TIS17_SfFniAU.log
c:\windows\system32\service\03092009_TIS17_SfFniAU.log
c:\windows\system32\service\03092010_TIS17_SfFniAU.log
c:\windows\system32\service\03102009_TIS17_SfFniAU.log
c:\windows\system32\service\03102010_TIS17_SfFniAU.log
c:\windows\system32\service\03112009_TIS17_SfFniAU.log
c:\windows\system32\service\03122009_TIS17_SfFniAU.log
c:\windows\system32\service\04012010_TIS17_SfFniAU.log
c:\windows\system32\service\04012011_TIS17_SfFniAU.log
c:\windows\system32\service\04052010_TIS17_SfFniAU.log
c:\windows\system32\service\04062009_TIS17_SfFniAU.log
c:\windows\system32\service\04062010_TIS17_SfFniAU.log
c:\windows\system32\service\04082009_TIS17_SfFniAU.log
c:\windows\system32\service\04092009_TIS17_SfFniAU.log
c:\windows\system32\service\04092010_TIS17_SfFniAU.log
c:\windows\system32\service\04102009_TIS17_SfFniAU.log
c:\windows\system32\service\04112010_TIS17_SfFniAU.log
c:\windows\system32\service\04122009_TIS17_SfFniAU.log
c:\windows\system32\service\04122010_TIS17_SfFniAU.log
c:\windows\system32\service\05012011_TIS17_SfFniAU.log
c:\windows\system32\service\05032010_TIS17_SfFniAU.log
c:\windows\system32\service\05042010_TIS17_SfFniAU.log
c:\windows\system32\service\05062009_TIS17_SfFniAU.log
c:\windows\system32\service\05072010_TIS17_SfFniAU.log
c:\windows\system32\service\05082009_TIS17_SfFniAU.log
c:\windows\system32\service\05092010_TIS17_SfFniAU.log
c:\windows\system32\service\05112009_TIS17_SfFniAU.log
c:\windows\system32\service\06012010_TIS17_SfFniAU.log
c:\windows\system32\service\06012011_TIS17_SfFniAU.log
c:\windows\system32\service\06022010_TIS17_SfFniAU.log
c:\windows\system32\service\06042011_TIS17_SfFniAU.log
c:\windows\system32\service\06062010_TIS17_SfFniAU.log
c:\windows\system32\service\06072009_TIS17_SfFniAU.log
c:\windows\system32\service\06082010_TIS17_SfFniAU.log
c:\windows\system32\service\06092009_TIS17_SfFniAU.log
c:\windows\system32\service\06102010_TIS17_SfFniAU.log
c:\windows\system32\service\06112009_TIS17_SfFniAU.log
c:\windows\system32\service\06122010_TIS17_SfFniAU.log
c:\windows\system32\service\07012011_TIS17_SfFniAU.log
c:\windows\system32\service\07022011_TIS17_SfFniAU.log
c:\windows\system32\service\07042011_TIS17_SfFniAU.log
c:\windows\system32\service\07052010_TIS17_SfFniAU.log
c:\windows\system32\service\07062009_TIS17_SfFniAU.log
c:\windows\system32\service\07062010_TIS17_SfFniAU.log
c:\windows\system32\service\07072009_TIS17_SfFniAU.log
c:\windows\system32\service\07082009_TIS17_SfFniAU.log
c:\windows\system32\service\07082010_TIS17_SfFniAU.log
c:\windows\system32\service\07092009_TIS17_SfFniAU.log
c:\windows\system32\service\07092010_TIS17_SfFniAU.log
c:\windows\system32\service\07102009_TIS17_SfFniAU.log
c:\windows\system32\service\07112009_TIS17_SfFniAU.log
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 18:12 . 2011-04-10 18:13 -------- d-----w- c:\users\owner\AppData\Local\temp
2011-04-10 18:12 . 2011-04-10 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 17:33 . 2011-04-10 17:33 -------- d-----w- c:\windows\system32\drivers\NST
2011-04-10 17:33 . 2011-04-10 17:33 -------- d-----w- c:\program files\Norton Safe Web Lite
2011-04-10 00:23 . 2011-04-10 00:23 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-04-08 21:03 . 2011-04-10 17:36 -------- d-----w- c:\program files\NortonInstaller
2011-04-08 20:26 . 2011-04-09 13:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-08 18:22 . 2011-04-08 18:22 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2011-04-08 18:21 . 2011-04-08 18:21 -------- d-----w- c:\programdata\Malwarebytes
2011-04-08 18:21 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-08 18:21 . 2011-04-08 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-08 16:28 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEE54D8A-47A7-4501-B66A-F46B4C26E9A3}\mpengine.dll
2011-04-08 16:19 . 2011-04-08 19:16 -------- d-----w- c:\programdata\bDo06511cGgLi06511
2011-03-23 00:48 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 00:48 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 00:48 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 13:44 . 2010-11-21 21:50 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-02 22:11 . 2010-08-09 19:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-10 01:42 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 01:42 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 01:42 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 01:42 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-10 01:42 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 01:42 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-10 01:42 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 01:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 01:42 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 01:42 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 01:42 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 01:42 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 01:42 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 01:42 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 01:42 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 01:42 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 01:42 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 01:42 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 01:42 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 01:42 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 01:42 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 01:42 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 01:42 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 01:42 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 01:42 683008 ----a-w- c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-21 995528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
2008-08-14 17:44 497008 ----a-w- c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-09-04 497008]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-04 677128]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-03 145424]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2008-08-14 181584]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2009-04-02 50192]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-03 256528]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:14]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:14]
.
2011-04-02 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-04-10 c:\windows\Tasks\User_Feed_Synchronization-{81DF0410-A309-445F-ABE2-78B65F0F3C8A}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\rf4bhe3t.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Trend Micro Toolbar: {22181a4d-af90-4ca3-a569-faed9118d6bc} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Safe Web Lite Toolbar: {203FB6B2-2E1E-4474-863B-4C483ECCE78E} - c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-Google Update - c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-10 14:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-10 14:16:58
ComboFix-quarantined-files.txt 2011-04-10 18:16
.
Pre-Run: 262,311,669,760 bytes free
Post-Run: 262,503,215,104 bytes free
.
- - End Of File - - FA67D3D43CC774E87BB4DE58ED5408E6


Re: Windows MSREMOVAL Done, but still having issues

Post by Belahzur on Mon 11 Apr 2011, 6:31 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Windows MSREMOVAL Done, but still having issues

Post by bhuz80 on Mon 11 Apr 2011, 7:05 am

Every time I try to run it, I get an error message from Windows Internet Explorer saying it's stopped working.


Re: Windows MSREMOVAL Done, but still having issues

Post by bhuz80 on Mon 11 Apr 2011, 11:14 am

I was able to do it through Opera... It's been about 3 hours so far.


Re: Windows MSREMOVAL Done, but still having issues

Post by bhuz80 on Mon 11 Apr 2011, 11:31 am

It didn't produce a logfile for some reason.

It had 13 threats, including:

Java/TrojanDownloader.OpenStream.NBF trojan
win32/bamital.dz.trojan

I had to download the scan as it wouldn't run in IE.

