
Topic: Findgala hijack removal


bilaxon

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Findgala hijack removal
    « on: April 05, 2011, 11:56:17 AM »
    Hi,

    I am having some major problems with a Findgala hijacker infection - it redirects all searches, blocks access to removal tools, downloads and Windows updates, and practically any other help. There was a rogue antispyware infection that has been removed, but the McAfee antivirus got messed up and wouldn't run, so I had to uninstall it.

    So far I have been able to download Malwarebytes, SuperAntiSpyware, and HijackThis from another computer and run them in safe mode, then rebooted into normal mode and ran them again.

    This got rid of the rogue antispyware, but the Findgala redirect is still there.

    ~~~~~~~~~~~~~~~~~~
     Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6279

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    4/5/2011 11:53:02 AM
    mbam-log-2011-04-05 (11-53-02).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 288215
    Time elapsed: 18 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ~~~~~~~~~~~~~~~~~~~
    ComboFix 11-04-03.03 - Laxson 04/05/2011  12:36:47.3.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3839.2677 [GMT -4:00]
    Running from: c:\users\Laxson\Desktop\user123.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-03-05 to 2011-04-05  )))))))))))))))))))))))))))))))
    .
    .
    2011-04-05 16:39 . 2011-04-05 16:39   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2011-04-05 16:14 . 2011-04-05 16:14   --------   d-----w-   c:\users\Laxson\AppData\Local\Diagnostics
    2011-04-05 13:10 . 2011-04-05 13:10   --------   d-----w-   c:\programdata\MFAData
    2011-04-05 12:12 . 2011-04-05 12:13   --------   d-----w-   c:\program files\CCleaner
    2011-04-05 12:12 . 2011-03-23 14:11   8424784   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C0479D1-E425-45D6-9A1B-6C9A9C8AC6D8}\mpengine.dll
    2011-04-04 20:54 . 2011-04-05 12:26   --------   d-----w-   c:\users\Laxson\AppData\Roaming\HPAppData
    2011-04-04 20:01 . 2011-04-04 20:01   --------   d-----w-   c:\users\Laxson\AppData\Local\Adobe
    2011-04-04 19:41 . 2011-04-04 19:41   --------   d-----w-   c:\users\Laxson\AppData\Local\Apple
    2011-04-04 19:31 . 2011-04-04 20:25   --------   d-----w-   c:\users\Laxson\AppData\Local\AOL
    2011-04-04 19:27 . 2011-04-04 19:27   --------   d-----w-   c:\users\Laxson\AppData\Roaming\Malwarebytes
    2011-04-04 19:27 . 2010-12-20 22:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-04 19:27 . 2011-04-04 19:27   --------   d-----w-   c:\programdata\Malwarebytes
    2011-04-04 19:27 . 2011-04-04 19:27   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-04-04 19:27 . 2010-12-20 22:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-04-04 17:21 . 2011-04-04 17:21   --------   d-----w-   c:\users\Laxson\AppData\Roaming\SUPERAntiSpyware.com
    2011-04-04 17:21 . 2011-04-04 17:21   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 22:11 . 2009-11-19 22:30   270720   ------w-   c:\windows\system32\MpSigStub.exe
    2011-01-26 06:53 . 2011-02-09 17:29   982912   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-26 06:53 . 2011-02-09 17:29   265088   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
    2011-01-26 06:31 . 2011-02-09 17:29   144384   ----a-w-   c:\windows\system32\cdd.dll
    2011-01-07 08:07 . 2011-02-23 13:11   662528   ----a-w-   c:\windows\system32\XpsPrint.dll
    2011-01-07 08:07 . 2011-02-23 13:11   475648   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
    2011-01-07 08:06 . 2011-02-09 17:28   46080   ----a-w-   c:\windows\system32\atmlib.dll
    2011-01-07 07:31 . 2011-02-23 13:11   442880   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
    2011-01-07 07:31 . 2011-02-23 13:11   288256   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
    2011-01-07 07:27 . 2011-02-09 17:28   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-09 17:28   366080   ----a-w-   c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-09 17:28   294400   ----a-w-   c:\windows\SysWow64\atmfd.dll
    .
    .
    (((((((((((((((((((((((((((((   SnapShot@2011-04-04_18.36.43   )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-04-02 12:31   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-04-05 07:11   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-04-02 12:31   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-05 07:11   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-04-02 12:31   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-05 07:11   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-09-08 03:17 . 2011-04-05 13:56   43744              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-04-05 13:56   46100              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-11-18 14:33 . 2011-04-05 13:56   15142              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1530017569-303028045-3225734056-1000_UserData.bin
    - 2009-07-14 05:30 . 2011-03-31 17:41   86016              c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2011-04-04 20:11   86016              c:\windows\system32\DriverStore\infpub.dat
    - 2009-11-18 14:28 . 2011-03-25 01:52   32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-18 14:28 . 2011-04-05 13:23   32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-18 14:28 . 2011-03-25 01:52   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-11-18 14:28 . 2011-04-05 13:23   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-03-25 01:52   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-05 13:23   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2011-04-05 12:35   80672              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-11-18 14:33 . 2011-04-05 16:14   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-18 14:33 . 2011-04-02 13:03   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-18 14:33 . 2011-04-05 16:14   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-18 14:33 . 2011-04-02 13:03   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-06-05 01:53 . 2011-04-05 07:01   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-06-05 01:53 . 2010-09-30 02:01   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-04-05 13:54 . 2011-04-05 13:54   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-04-04 18:22 . 2011-04-04 18:22   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-04-05 13:54 . 2011-04-05 13:54   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-04-04 18:22 . 2011-04-04 18:22   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-11-19 00:19 . 2011-04-05 15:13   319568              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 02:36 . 2011-04-04 20:33   628082              c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-04-04 17:21   628082              c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-04-04 17:21   108260              c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2011-04-04 20:33   108260              c:\windows\system32\perfc009.dat
    - 2009-07-14 05:30 . 2011-03-31 17:41   143360              c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-04-04 20:11   143360              c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2010-11-16 06:38   143360              c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:30 . 2011-04-04 20:11   143360              c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:01 . 2011-04-05 13:54   311724              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-04-02 14:04   311724              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-11-18 15:12 . 2011-04-02 14:04   2151432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-11-18 15:12 . 2011-04-05 13:54   2151432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-07-14 02:34 . 2011-04-02 13:11   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2011-04-05 15:41   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-04-04 19:35 . 2011-04-04 19:35   20304384              c:\windows\Installer\40b11.msp
    + 2011-04-05 07:00 . 2011-04-05 07:00   20308992              c:\windows\Installer\24479b7.msp
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 715264]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
    "Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 212992]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 2 (0x2)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    .
    R1 SASDIFSV;SASDIFSV;c:\users\Laxson\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS

    R1 SASKUTIL;SASKUTIL;c:\users\Laxson\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys

    R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys

    R3 ssrangdr;ssrangdr;c:\windows\system32\DRIVERS\ssrangdr.sys

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

    S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 101048]
    S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-10-22 517632]
    S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys

    S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys

    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt   REG_MULTI_SZ      hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-05 c:\windows\Tasks\HPCeeScheduleForLaxson.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
    .
    2011-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- x86-64 -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-05  12:40:54
    ComboFix-quarantined-files.txt  2011-04-05 16:40
    ComboFix2.txt  2011-04-05 12:54
    ComboFix3.txt  2011-04-04 18:38
    .
    Pre-Run: 443,348,893,696 bytes free
    Post-Run: 443,056,381,952 bytes free
    .
    - - End Of File - - 3079833F0A1AAB38CABAF1590C3479CE

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:55:34 PM, on 4/5/2011
    Platform: Unknown Windows (WinNT 6.01.3504)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
    C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    G:\Security\HiJackThis_v2.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL (file missing)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (file missing)
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9163 bytes
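
A triage helper for logs in the HijackThis format posted above, added here as an example; it is not part of the thread and not HijackThis's own code. It parses the R0/R1 browser-setting lines and the O2/O3/O23 registrations, flags start and search URLs whose host is outside an assumed allow-list, and separates registrations reported "(file missing)" into real orphans and the system32 services that a 32-bit scanner on 64-bit Windows can misreport because of file-system redirection. The sample lines, the allow-list and the `.invalid` start page are constructed assumptions.

```python
"""Triage a HijackThis-style log (constructed example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the shape of the log posted in the thread; the .invalid
# start page is a made-up entry so the unexpected-host branch has something to flag.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example-search.invalid/?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
"""

# Assumed allow-list: hosts the IE start/search settings are expected to point at.
ALLOWED_HOSTS = frozenset({"go.microsoft.com", "ie.redirect.hp.com", "search.yahoo.com"})

# R0/R1: "<sec> - <registry key>,<value name> = <value>"
R_LINE = re.compile(r"^(?P<sec>R[01]) - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
# O2/O3: "<sec> - BHO|Toolbar: <name> - {CLSID} - <path>"
O_LINE = re.compile(
    r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O23: "O23 - Service: <name> - <vendor> - <path>"
SVC_LINE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
MISSING = " (file missing)"


@dataclass
class Entry:
    section: str       # R0, R1, O2, O3 or O23
    name: str          # value name, "BHO name {CLSID}", or service name
    target: str        # URL / local page for R lines, file path for O lines
    file_missing: bool # True when HijackThis appended "(file missing)"


@dataclass
class Finding:
    kind: str
    detail: str


def _split_missing(path: str) -> tuple[str, bool]:
    """Strip the "(file missing)" marker and report whether it was present."""
    if path.endswith(MISSING):
        return path[: -len(MISSING)], True
    return path, False


def parse_log(text: str) -> list[Entry]:
    """Parse the R0/R1, O2/O3 and O23 lines; other sections are ignored."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := R_LINE.match(line):
            entries.append(Entry(m["sec"], m["name"].strip(), m["value"].strip(), False))
        elif m := O_LINE.match(line):
            path, missing = _split_missing(m["path"])
            entries.append(Entry(m["sec"], f'{m["name"]} {m["clsid"]}', path, missing))
        elif m := SVC_LINE.match(line):
            path, missing = _split_missing(m["path"])
            entries.append(Entry("O23", m["name"], path, missing))
    return entries


def triage(entries: list[Entry], allowed_hosts=ALLOWED_HOSTS) -> list[Finding]:
    """Flag browser URLs outside the allow-list and registrations whose file is gone."""
    findings: list[Finding] = []
    for e in entries:
        if e.section in ("R0", "R1"):
            # Local pages (blank.htm) and empty values are not web targets; skip them.
            if not e.target.lower().startswith(("http://", "https://")):
                continue
            host = (urlparse(e.target).hostname or "").lower()
            if host not in allowed_hosts:
                findings.append(Finding("unexpected-browser-url", f"{e.name} -> {e.target}"))
        elif e.file_missing:
            # A 32-bit scanner on x64 sees SysWOW64 when it opens system32, so core
            # services there are often reported missing although they exist.
            if e.section == "O23" and e.target.lower().startswith(r"c:\windows\system32"):
                findings.append(Finding("possible-wow64-artifact", f"{e.name} -> {e.target}"))
            else:
                findings.append(Finding("orphaned-registration", f"{e.name} -> {e.target}"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.kind:26} {f.detail}")
```

Orphaned O2/O3 registrations are dangling CLSID entries left behind by an uninstalled product and are safe to remove; the unexpected-URL findings are what to review first when the complaint is redirected searches.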

    bilaxon

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Findgala hijack removal
      « Reply #1 on: April 05, 2011, 12:53:11 PM »
      Sorry, this is on Windows 7 Home Premium. Here is the SAS log:

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 04/05/2011 at 02:31 PM

      Application Version : 4.50.1002

      Core Rules Database Version : 6744
      Trace Rules Database Version: 4568

      Scan type       : Complete Scan
      Total Scan Time : 00:28:19

      Memory items scanned      : 765
      Memory threats detected   : 0
      Registry items scanned    : 13213
      Registry threats detected : 0
      File items scanned        : 30204
      File threats detected     : 9

      Adware.Tracking Cookie
          C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Cookies\laxson@doubleclick[2].txt
          C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
          C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Cookies\laxson@findgala[2].txt
          C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Cookies\Low\laxson@atdmt[2].txt
          C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Cookies\Low\laxson@kontera[2].txt
          C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
          C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
          C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
          C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Cookies\Low\laxson@doubleclick[1].txt
       

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Findgala hijack removal
      « Reply #2 on: April 05, 2011, 01:23:43 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *****************************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      ****************************************************
      Download OTL to your desktop.

      * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      * When the window appears, underneath Output at the top change it to Minimal Output.
      * Check the boxes beside LOP Check and Purity Check.
      * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

      When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

      Please copy and paste the contents of these files, one at a time, into your next reply.

      Note: You may need two or more posts to fit them all in.
      Windows 8 and Windows 10 dual boot with two SSD's

      bilaxon

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Findgala hijack removal
        « Reply #3 on: April 05, 2011, 02:30:38 PM »
         Results of screen317's Security Check version 0.99.10 
         Windows 7  (UAC is enabled)
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Enabled! 
         WMI entry may not exist for antivirus; attempting automatic update.
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         Mozilla Firefox (3.6.10) Firefox Out of Date! 
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

        ``````````End of Log````````````


        OTL logfile created on: 4/5/2011 4:21:22 PM - Run 1
        OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Laxson\Downloads
        64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
        Internet Explorer (Version = 8.0.7600.16385)
        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
         
        4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
        7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
        Paging file location(s): ?:\pagefile.sys [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
        Drive C: | 452.91 Gb Total Space | 412.63 Gb Free Space | 91.11% Space Free | Partition Type: NTFS
        Drive D: | 12.75 Gb Total Space | 2.29 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
        Drive E: | 338.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
        Drive G: | 1.88 Gb Total Space | 0.88 Gb Free Space | 46.85% Space Free | Partition Type: FAT
         
        Computer Name: LAXSON-PC | User Name: Laxson | Logged in as Administrator.
        Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
        Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
         
        ========== Processes (SafeList) ==========
         
        PRC - C:\Users\Laxson\Downloads\OTL.exe (OldTimer Tools)
        PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
        PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
        PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
        PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
        PRC - C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe (Hewlett-Packard)
        PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
        PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
        PRC - C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe (Hewlett-Packard)
        PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe ()
        PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
         
         
        ========== Modules (SafeList) ==========
         
        MOD - C:\Users\Laxson\Downloads\OTL.exe (OldTimer Tools)
        MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
        MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
         
         
        ========== Win32 Services (SafeList) ==========
         
        SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
        SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
        SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
        SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
        SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
        SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
        SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
        SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
         
         
        ========== Driver Services (SafeList) ==========
         
        DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
        DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
        DRV:64bit: - (ssrangdr) -- C:\Windows\SysNative\drivers\ssrangdr.sys (SupportSoft Inc.)
        DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
        DRV:64bit: - (NW1950) -- C:\Windows\SysNative\drivers\NW1950.sys ()
        DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
        DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
        DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
        DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
        DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
        DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
        DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
        DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
        DRV:64bit: - (ACPIService) -- C:\Windows\SysNative\drivers\OSDACPI.SYS ()
        DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
        DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
        DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
        DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
        DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
        DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
        DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
        DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
        DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows (R) Codename Longhorn DDK provider)
        DRV - (SASDIFSV) -- C:\Users\Laxson\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
        DRV - (SASKUTIL) -- C:\Users\Laxson\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
         
         
        ========== Standard Registry (SafeList) ==========
         
         
        ========== Internet Explorer ==========
         
        IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
        IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
         
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
         
        ========== FireFox ==========
         
        FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
         
        FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/27 21:03:56 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/11/23 07:05:52 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/05 13:10:29 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/05 13:10:28 | 000,000,000 | ---D | M]
         
        [2011/04/05 13:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laxson\AppData\Roaming\Mozilla\Extensions
        [2011/04/05 13:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laxson\AppData\Roaming\Mozilla\Firefox\Profiles\kmssm71e.default\extensions
        [2011/04/05 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
        [2010/11/23 07:05:52 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
         
        O1 HOSTS File: ([2011/04/04 14:36:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
        O1 - Hosts: 127.0.0.1       localhost
        O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
        O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
        O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
        O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -  File not found
        O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
        O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
        O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
        O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
        O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  File not found
        O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
        O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
        O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
        O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
        O4 - HKLM..\Run: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe (Hewlett-Packard)
        O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
        O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
        O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
        O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
        O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
        O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
        O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
        O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
        O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
        O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
        O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
        O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
        O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
        O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
        O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} -  File not found
        O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
        O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
        O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
        O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
        O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
        O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
        O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
        O32 - HKLM CDRom: AutoRun - 1
        O32 - AutoRun File - [2009/05/22 06:49:26 | 000,648,360 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
        O32 - AutoRun File - [2008/05/24 08:10:20 | 000,000,113 | -H-- | M] () - G:\autorun.inf -- [ FAT ]
        O32 - AutoRun File - [2008/05/24 08:10:20 | 000,000,113 | ---- | M] () - G:\AUTORUN_.INF -- [ FAT ]
        O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
        O35:64bit: - HKLM\..comfile [open] -- "%1" %*
        O35:64bit: - HKLM\..exefile [open] -- "%1" %*
        O35 - HKLM\..comfile [open] -- "%1" %*
        O35 - HKLM\..exefile [open] -- "%1" %*
        O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
        O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
        O37 - HKLM\...com [@ = ComFile] -- "%1" %*
        O37 - HKLM\...exe [@ = exefile] -- "%1" %*
         
        ========== Files/Folders - Created Within 30 Days ==========
         
        [2011/04/05 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Roaming\Mozilla
        [2011/04/05 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Local\Mozilla
        [2011/04/05 13:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
        [2011/04/05 13:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
        [2011/04/05 12:35:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
        [2011/04/05 12:14:53 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Local\Diagnostics
        [2011/04/05 09:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
        [2011/04/05 08:25:39 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security
        [2011/04/05 08:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
        [2011/04/04 16:54:49 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Roaming\HPAppData
        [2011/04/04 16:15:39 | 000,000,000 | ---D | C] -- C:\Users\Laxson\Desktop\AOL Saved PFC
        [2011/04/04 16:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security
        [2011/04/04 16:01:43 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Local\Adobe
        [2011/04/04 15:41:02 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Local\Apple
        [2011/04/04 15:31:23 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Local\AOL
        [2011/04/04 15:27:49 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Roaming\Malwarebytes
        [2011/04/04 15:27:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
        [2011/04/04 15:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
        [2011/04/04 15:27:37 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
        [2011/04/04 15:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
        [2011/04/04 14:38:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
        [2011/04/04 14:31:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
        [2011/04/04 14:31:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
        [2011/04/04 14:31:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
        [2011/04/04 14:30:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
        [2011/04/04 14:27:28 | 000,000,000 | ---D | C] -- C:\Qoobox
        [2011/04/04 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\Laxson\AppData\Roaming\SUPERAntiSpyware.com
        [2011/04/04 13:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
        [2011/03/09 09:01:47 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
        [2011/03/09 09:01:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
        [2011/03/09 09:01:47 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
        [2011/03/09 09:01:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
        [2011/03/09 09:01:45 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
        [2011/03/09 09:01:45 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
        [2011/03/09 09:01:45 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
        [2011/03/09 09:01:45 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
        [2011/03/09 09:01:45 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
        [2011/03/09 09:01:45 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
        [2011/03/09 09:01:44 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
        [2011/03/09 09:01:44 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
        [2011/03/09 09:01:43 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
        [2011/03/09 09:01:43 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
        [2011/03/09 09:01:43 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
        [2011/03/09 09:01:42 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
         
        ========== Files - Modified Within 30 Days ==========
         
        [2011/04/05 15:52:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
        [2011/04/05 14:57:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        [2011/04/05 14:57:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        [2011/04/05 13:10:29 | 000,001,925 | ---- | M] () -- C:\Users\Laxson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
        [2011/04/05 09:55:05 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLaxson.job
        [2011/04/05 09:54:47 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys
        [2011/04/04 16:33:57 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
        [2011/04/04 16:33:57 | 000,628,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
        [2011/04/04 16:33:57 | 000,108,260 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
        [2011/04/04 16:15:39 | 000,000,002 | ---- | M] () -- C:\Windows\msoffice.ini
        [2011/04/04 14:36:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
        [2011/04/04 08:47:20 | 004,313,359 | R--- | M] () -- C:\Users\Laxson\Desktop\user123.exe
        [2011/04/01 21:21:50 | 001,096,811 | ---- | M] () -- C:\Users\Laxson\Documents\CoconutMacaroons#1.pdf
        [2011/04/01 14:26:53 | 000,101,329 | ---- | M] () -- C:\Users\Laxson\Documents\FwExcellentPhoto
        [2011/04/01 10:40:47 | 002,624,000 | ---- | M] () -- C:\Users\Laxson\Documents\The_Best_Map_Ever_of_World_War_II.pps
        [2011/03/31 13:40:47 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
        [2011/03/29 16:12:02 | 004,325,851 | ---- | M] () -- C:\Users\Laxson\Documents\President_car.wmv
        [2011/03/29 16:02:22 | 002,236,684 | ---- | M] () -- C:\Users\Laxson\Documents\GillespieUnitMarwithFeb2011news.pdf
        [2011/03/29 11:32:08 | 000,019,856 | ---- | M] () -- C:\Users\Laxson\Documents\From
        [2011/03/28 21:13:59 | 001,764,864 | ---- | M] () -- C:\Users\Laxson\Documents\Jessica_Cox_English-1.pps
        [2011/03/28 08:04:56 | 004,154,880 | ---- | M] () -- C:\Users\Laxson\Documents\BlueTrain-Africa.pps
        [2011/03/18 12:17:37 | 000,469,232 | ---- | M] () -- C:\Users\Laxson\Documents\Scan001.pdf
         
        ========== Files Created - No Company Name ==========
         
        [2011/04/05 13:10:29 | 000,001,925 | ---- | C] () -- C:\Users\Laxson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
        [2011/04/05 12:35:16 | 004,313,359 | R--- | C] () -- C:\Users\Laxson\Desktop\user123.exe
        [2011/04/05 03:11:52 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLaxson.job
        [2011/04/04 16:15:39 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
        [2011/04/04 14:31:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
        [2011/04/04 14:31:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
        [2011/04/04 14:31:02 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
        [2011/04/04 14:31:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
        [2011/04/04 14:31:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
        [2011/04/01 21:21:45 | 001,096,811 | ---- | C] () -- C:\Users\Laxson\Documents\CoconutMacaroons#1.pdf
        [2011/04/01 14:26:52 | 000,101,329 | ---- | C] () -- C:\Users\Laxson\Documents\FwExcellentPhoto
        [2011/04/01 10:40:36 | 002,624,000 | ---- | C] () -- C:\Users\Laxson\Documents\The_Best_Map_Ever_of_World_War_II.pps
        [2011/03/29 16:11:41 | 004,325,851 | ---- | C] () -- C:\Users\Laxson\Documents\President_car.wmv
        [2011/03/29 16:02:10 | 002,236,684 | ---- | C] () -- C:\Users\Laxson\Documents\GillespieUnitMarwithFeb2011news.pdf
        [2011/03/29 11:32:08 | 000,019,856 | ---- | C] () -- C:\Users\Laxson\Documents\From
        [2011/03/28 21:13:51 | 001,764,864 | ---- | C] () -- C:\Users\Laxson\Documents\Jessica_Cox_English-1.pps
        [2011/03/28 08:04:35 | 004,154,880 | ---- | C] () -- C:\Users\Laxson\Documents\BlueTrain-Africa.pps
        [2011/03/18 12:17:35 | 000,469,232 | ---- | C] () -- C:\Users\Laxson\Documents\Scan001.pdf
        [2010/04/27 21:02:36 | 000,023,143 | ---- | C] () -- C:\Windows\hpqins15.dat
        [2010/03/26 11:38:29 | 000,000,600 | ---- | C] () -- C:\Users\Laxson\AppData\Local\PUTTY.RND
        [2009/11/23 12:50:50 | 000,208,187 | ---- | C] () -- C:\Windows\hpoins40.dat.temp
        [2009/11/23 12:50:49 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
        [2009/11/23 12:24:03 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
        [2009/11/20 11:55:47 | 000,208,187 | ---- | C] () -- C:\Windows\hpoins40.dat
        [2009/11/19 20:57:44 | 000,001,308 | ---- | C] () -- C:\Users\Laxson\AppData\Roaming\wklnhst.dat
        [2009/11/18 10:41:19 | 000,024,644 | ---- | C] () -- C:\ProgramData\restorewl.ini
        [2009/09/19 11:18:12 | 000,000,012 | ---- | C] () -- C:\ProgramData\GEN3BrightnessLevel.INI
        [2009/09/07 23:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
        [2009/07/15 20:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
        [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
        [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
        [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
        [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
        [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
        [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
        [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
        [2009/05/22 06:04:30 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat
        [2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
        [2005/08/26 16:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
        [2005/08/26 16:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
         
        ========== LOP Check ==========
         
        [2009/11/18 10:41:19 | 000,000,000 | ---D | M] -- C:\Users\Laxson\AppData\Roaming\supportdotcom
        [2010/01/05 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Laxson\AppData\Roaming\Template
        [2009/11/26 12:06:37 | 000,000,000 | ---D | M] -- C:\Users\Laxson\AppData\Roaming\WinBatch
        [2011/03/31 13:40:47 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
        [2011/03/25 07:44:56 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
         
        ========== Purity Check ==========
         
         
         
        ========== Alternate Data Streams ==========
         
        @Alternate Data Stream - 985 bytes -> C:\Users\Laxson\Documents\[Fwd_humor].eml:OECustomProperty
        @Alternate Data Stream - 961 bytes -> C:\Users\Laxson\Documents\Whymenarebecomingrepublicans(oldbutfunny).eml:OECustomProperty
        @Alternate Data Stream - 961 bytes -> C:\Users\Laxson\Documents\Fw_TrainofLife..Thisisabsolutelyawesome!!!.eml:OECustomProperty
        @Alternate Data Stream - 937 bytes -> C:\Users\Laxson\Documents\Fw_Youthinkyouhavecomputerproblems_.eml:OECustomProperty
        @Alternate Data Stream - 933 bytes -> C:\Users\Laxson\Documents\[kaivitifriends]ALITTLELIGHTRELIEF.eml:OECustomProperty
        @Alternate Data Stream - 929 bytes -> C:\Users\Laxson\Documents\Fwd_AFRENCHPOEMwrittenbyanAmericanPatriot.eml:OECustomProperty
        @Alternate Data Stream - 929 bytes -> C:\Users\Laxson\Documents\Fw_Info.eml:OECustomProperty
        @Alternate Data Stream - 913 bytes -> C:\Users\Laxson\Documents\Fw_SOLDIER'SFUNERAL(TEXASSTYLE]].eml:OECustomProperty
        @Alternate Data Stream - 905 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_whatSenatorJohnGlennsaid.eml:OECustomProperty
        @Alternate Data Stream - 905 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_THEBRICK.eml:OECustomProperty
        @Alternate Data Stream - 876 bytes -> C:\Users\Laxson\Documents\Fwd_AGELESSWISDOM.eml:OECustomProperty
        @Alternate Data Stream - 865 bytes -> C:\Users\Laxson\Documents\Fw_Wishingyou.....eml:OECustomProperty
        @Alternate Data Stream - 864 bytes -> C:\Users\Laxson\Documents\Beforeandafterpictures(goodones).eml:OECustomProperty
        @Alternate Data Stream - 861 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_CheckoutDrug.eml:OECustomProperty
        @Alternate Data Stream - 837 bytes -> C:\Users\Laxson\Documents\Fw_APlotofGrass.eml:OECustomProperty
        @Alternate Data Stream - 833 bytes -> C:\Users\Laxson\Documents\Fwd_Whatit'sallabout..eml:OECustomProperty
        @Alternate Data Stream - 824 bytes -> C:\Users\Laxson\Documents\Fw_Thisisabsolutelyadorable.eml:OECustomProperty
        @Alternate Data Stream - 820 bytes -> C:\Users\Laxson\Documents\Fwd_HAPPINESSFAIRY.eml:OECustomProperty
        @Alternate Data Stream - 817 bytes -> C:\Users\Laxson\Documents\WeeklyCleaningSchedule.eml:OECustomProperty
        @Alternate Data Stream - 817 bytes -> C:\Users\Laxson\Documents\Fw_GreatAnimalpix.eml:OECustomProperty
        @Alternate Data Stream - 808 bytes -> C:\Users\Laxson\Documents\CherokeeWisdom...short...great!.eml:OECustomProperty
        @Alternate Data Stream - 807 bytes -> C:\Users\Laxson\Documents\English.eml:OECustomProperty
        @Alternate Data Stream - 805 bytes -> C:\Users\Laxson\Documents\Fw_Ilovethisone.eml:OECustomProperty
        @Alternate Data Stream - 801 bytes -> C:\Users\Laxson\Documents\Fw_ReadittotheBottom.eml:OECustomProperty
        @Alternate Data Stream - 773 bytes -> C:\Users\Laxson\Documents\FW_Thoughtthiswassuper.eml:OECustomProperty
        @Alternate Data Stream - 773 bytes -> C:\Users\Laxson\Documents\[Fwd_Alzheimer'sTest].eml:OECustomProperty
        @Alternate Data Stream - 741 bytes -> C:\Users\Laxson\Documents\Thebestdayofmylife.eml:OECustomProperty
        @Alternate Data Stream - 736 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_[Bulk]Fw_TheElf.eml:OECustomProperty
        @Alternate Data Stream - 736 bytes -> C:\Users\Laxson\Documents\Fwd_Friendshipbracelet.eml:OECustomProperty
        @Alternate Data Stream - 721 bytes -> C:\Users\Laxson\Documents\AirportWashroom.eml:OECustomProperty
        @Alternate Data Stream - 720 bytes -> C:\Users\Laxson\Documents\Fwd_Virusalert.eml:OECustomProperty
        @Alternate Data Stream - 689 bytes -> C:\Users\Laxson\Documents\Partydifferences.eml:OECustomProperty
        @Alternate Data Stream - 4149 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_Fw_OpticalIllusion.eml:OECustomProperty
        @Alternate Data Stream - 3913 bytes -> C:\Users\Laxson\Documents\Fw_TheMediaisatitagain!fromJamesDobson.eml:OECustomProperty
        @Alternate Data Stream - 3776 bytes -> C:\Users\Laxson\Documents\ProofofGlobalwarming.eml:OECustomProperty
        @Alternate Data Stream - 3761 bytes -> C:\Users\Laxson\Documents\Fw_FW_INMEMORIAM.eml:OECustomProperty
        @Alternate Data Stream - 3581 bytes -> C:\Users\Laxson\Documents\WorkOutandfeelbetter-Hasmusic.eml:OECustomProperty
        @Alternate Data Stream - 3552 bytes -> C:\Users\Laxson\Documents\Fwd_readthisassoonasyouchecke-mail.eml:OECustomProperty
        @Alternate Data Stream - 3129 bytes -> C:\Users\Laxson\Documents\Fw_AReportfromGrandpa_Grandma.eml:OECustomProperty
        @Alternate Data Stream - 2657 bytes -> C:\Users\Laxson\Documents\Fw_Fwd_GrandmaFaith'sWebsite_OldAge.eml:OECustomProperty
        @Alternate Data Stream - 2457 bytes -> C:\Users\Laxson\Documents\4086-Wmlrml;[eDED]download;33944955.eml:OECustomProperty
        @Alternate Data Stream - 2355 bytes -> C:\Users\Laxson\Documents\Fw_OneoftheNicestE-mails.....eml:OECustomProperty
        @Alternate Data Stream - 2205 bytes -> C:\Users\Laxson\Documents\Fw_WordsfromMayaAngelou.eml:OECustomProperty
        @Alternate Data Stream - 2196 bytes -> C:\Users\Laxson\Documents\Theemptychair.eml:OECustomProperty
        @Alternate Data Stream - 2161 bytes -> C:\Users\Laxson\Documents\Fw_JohnCleese'sLettertoAmerica.eml:OECustomProperty
        @Alternate Data Stream - 1972 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_.eml:OECustomProperty
        @Alternate Data Stream - 1893 bytes -> C:\Users\Laxson\Documents\Fw_ENGAGEMENTPHOTO.eml:OECustomProperty
        @Alternate Data Stream - 1886 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_Somethingtothinkabout.eml:OECustomProperty
        @Alternate Data Stream - 1829 bytes -> C:\Users\Laxson\Documents\TheWeatheredOldBarn.eml:OECustomProperty
        @Alternate Data Stream - 1764 bytes -> C:\Users\Laxson\Documents\Fwd_FW_CHURCHCHUCKLES.eml:OECustomProperty
        @Alternate Data Stream - 1757 bytes -> C:\Users\Laxson\Documents\Donotdelete(PHOTOS!)pleasescrolldownandlookatthepictures.eml:OECustomProperty
        @Alternate Data Stream - 1741 bytes -> C:\Users\Laxson\Documents\27603-Wmlrml;[eDED]download;32902765.eml:OECustomProperty
        @Alternate Data Stream - 1709 bytes -> C:\Users\Laxson\Documents\Fw_Puppiesforsale-willyousendthisback__.eml:OECustomProperty
        @Alternate Data Stream - 1665 bytes -> C:\Users\Laxson\Documents\Fw_FW_Amazing!.eml:OECustomProperty
        @Alternate Data Stream - 1645 bytes -> C:\Users\Laxson\Documents\Fwd_FW_Hunting_.eml:OECustomProperty
        @Alternate Data Stream - 1645 bytes -> C:\Users\Laxson\Documents\Fw_DenzelWashington.eml:OECustomProperty
        @Alternate Data Stream - 1629 bytes -> C:\Users\Laxson\Documents\Fwd_DilemaoftheTerroristWar.eml:OECustomProperty
        @Alternate Data Stream - 1617 bytes -> C:\Users\Laxson\Documents\Fw_(nosubject).eml:OECustomProperty
        @Alternate Data Stream - 1613 bytes -> C:\Users\Laxson\Documents\Fw_ReactiveSneezing(amustread!).eml:OECustomProperty
        @Alternate Data Stream - 1513 bytes -> C:\Users\Laxson\Documents\Fw_checkoutyourcounty_city....eml:OECustomProperty
        @Alternate Data Stream - 1512 bytes -> C:\Users\Laxson\Documents\FW_SMACK.eml:OECustomProperty
        @Alternate Data Stream - 1492 bytes -> C:\Users\Laxson\Documents\Fwd_FW_Questions.eml:OECustomProperty
        @Alternate Data Stream - 1469 bytes -> C:\Users\Laxson\Documents\FW_OppositeofJaneFonda.eml:OECustomProperty
        @Alternate Data Stream - 1468 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_birthdayparty.eml:OECustomProperty
        @Alternate Data Stream - 1461 bytes -> C:\Users\Laxson\Documents\Fw_NAILINTHEFENCE.eml:OECustomProperty
        @Alternate Data Stream - 1433 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_Happy4thofJuly!.......................eml:OECustomProperty
        @Alternate Data Stream - 143 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_WhyMichellecamehome.eml:OECustomProperty
        @Alternate Data Stream - 1428 bytes -> C:\Users\Laxson\Documents\Fwd_FW_NoSubject.eml:OECustomProperty
        @Alternate Data Stream - 1381 bytes -> C:\Users\Laxson\Documents\Fw_SomethingDifferent.eml:OECustomProperty
        @Alternate Data Stream - 1365 bytes -> C:\Users\Laxson\Documents\Fwd_RemarkableObituary.eml:OECustomProperty
        @Alternate Data Stream - 1365 bytes -> C:\Users\Laxson\Documents\Fw_Fw_.eml:OECustomProperty
        @Alternate Data Stream - 1361 bytes -> C:\Users\Laxson\Documents\Fw_SugarBabies.eml:OECustomProperty
        @Alternate Data Stream - 1356 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_Absolutelyamustread.eml:OECustomProperty
        @Alternate Data Stream - 1335 bytes -> C:\Users\Laxson\Documents\Fw_CreditCardFraud.eml:OECustomProperty
        @Alternate Data Stream - 1333 bytes -> C:\Users\Laxson\Documents\Fw_Frommyhousetoyours.eml:OECustomProperty
        @Alternate Data Stream - 1329 bytes -> C:\Users\Laxson\Documents\FW_G.R.I.T.S.....GirlsRaisedintheSouth.eml:OECustomProperty
        @Alternate Data Stream - 1297 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_Fw_FootprintsAnewversion_^..^_].eml:OECustomProperty
        @Alternate Data Stream - 1293 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_EDITORIAL.eml:OECustomProperty
        @Alternate Data Stream - 1265 bytes -> C:\Users\Laxson\Documents\Fwd_ThisissuchasweetstorythatIhavetoshare!.eml:OECustomProperty
        @Alternate Data Stream - 1258 bytes -> C:\Users\Laxson\Documents\4Candles.eml:OECustomProperty
        @Alternate Data Stream - 1205 bytes -> C:\Users\Laxson\Documents\FW_TheBrick.eml:OECustomProperty
        @Alternate Data Stream - 1181 bytes -> C:\Users\Laxson\Documents\Fw_KidsintheFifties.eml:OECustomProperty
        @Alternate Data Stream - 1137 bytes -> C:\Users\Laxson\Documents\ATT00121.eml:OECustomProperty
        @Alternate Data Stream - 1117 bytes -> C:\Users\Laxson\Documents\oisreallyresponsible_(NewOrleans)ByRev.JesseLeePeterson].eml:OECustomProperty
        @Alternate Data Stream - 1117 bytes -> C:\Users\Laxson\Documents\Fw_[Fwd_Fw_Friends....Smilesarein!!!!Enjoy!!!!].eml:OECustomProperty
        @Alternate Data Stream - 1049 bytes -> C:\Users\Laxson\Documents\Re_[kaivitifriends]FORALLTHEMUMSANDGRANDMUMSOUTTHERE.eml:OECustomProperty
        @Alternate Data Stream - 1049 bytes -> C:\Users\Laxson\Documents\Fw_TheLord'sPrayer.eml:OECustomProperty
        @Alternate Data Stream - 1037 bytes -> C:\Users\Laxson\Documents\Fw_PrayerRequest.eml:OECustomProperty
        @Alternate Data Stream - 1033 bytes -> C:\Users\Laxson\Documents\Fw_John3_16,AbsolutelyBeautiful].eml:OECustomProperty
        @Alternate Data Stream - 1009 bytes -> C:\Users\Laxson\Documents\Fwd_Fw_1905.eml:OECustomProperty

        < End of report >

        OTL Extras logfile created on: 4/5/2011 4:21:22 PM - Run 1
        OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Laxson\Downloads
        64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
        Internet Explorer (Version = 8.0.7600.16385)
        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
         
        4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
        7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
        Paging file location(s): ?:\pagefile.sys [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
        Drive C: | 452.91 Gb Total Space | 412.63 Gb Free Space | 91.11% Space Free | Partition Type: NTFS
        Drive D: | 12.75 Gb Total Space | 2.29 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
        Drive E: | 338.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
        Drive G: | 1.88 Gb Total Space | 0.88 Gb Free Space | 46.85% Space Free | Partition Type: FAT
         
        Computer Name: LAXSON-PC | User Name: Laxson | Logged in as Administrator.
        Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
        Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
         
        ========== Extra Registry (SafeList) ==========
         
         
        ========== File Associations ==========
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
        .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
        .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
         
        [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
        .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
         
        ========== Shell Spawning ==========
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
        batfile [open] -- "%1" %* File not found
        cmdfile [open] -- "%1" %* File not found
        comfile [open] -- "%1" %* File not found
        exefile [open] -- "%1" %* File not found
        helpfile [open] -- Reg Error: Key error.
        htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
        inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
        InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
        InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
        piffile [open] -- "%1" %* File not found
        regfile [merge] -- Reg Error: Key error.
        scrfile [config] -- "%1" File not found
        scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
        scrfile [open] -- "%1" /S File not found
        txtfile [edit] -- Reg Error: Key error.
        Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
        Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
        Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
        Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
        Folder [explore] -- Reg Error: Value error.
        Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
        batfile [open] -- "%1" %*
        cmdfile [open] -- "%1" %*
        comfile [open] -- "%1" %*
        cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
        exefile [open] -- "%1" %*
        helpfile [open] -- Reg Error: Key error.
        piffile [open] -- "%1" %*
        regfile [merge] -- Reg Error: Key error.
        scrfile [config] -- "%1"
        scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
        scrfile [open] -- "%1" /S
        txtfile [edit] -- Reg Error: Key error.
        Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
        Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
        Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
        Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
        Folder [explore] -- Reg Error: Value error.
        Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
         
        ========== Security Center Settings ==========
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
        "cval" = 1
        "FirewallDisableNotify" = 0
        "AntiVirusDisableNotify" = 0
        "UpdatesDisableNotify" = 0
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
        "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
        "AntiVirusOverride" = 0
        "AntiSpywareOverride" = 0
        "FirewallOverride" = 0
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
        "FirewallDisableNotify" = 0
        "AntiVirusDisableNotify" = 0
        "UpdatesDisableNotify" = 0
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
         
        ========== System Restore Settings ==========
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
        "DisableSR" = 0
         
        ========== Firewall Settings ==========
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
        "DisableNotifications" = 0
        "EnableFirewall" = 1
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
        "DisableNotifications" = 0
        "EnableFirewall" = 1
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
        "DisableNotifications" = 0
        "EnableFirewall" = 1
         
        ========== Authorized Applications List ==========
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
         
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
         
         
        ========== HKEY_LOCAL_MACHINE Uninstall List ==========
         
        64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
        "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
        "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
        "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
        "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
        "{7371196E-FA5B-43AE-1AE2-875E98869B47}" = ccc-utility64
        "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
        "{88882852-5C7D-A48B-15F3-8D13CABDA7A3}" = ATI Catalyst Install Manager
        "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
        "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
        "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
        "{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
        "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
        "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
        "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
        "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
        "ATT-RC" = ATT-RC Self Support Tool
        "CCleaner" = CCleaner
        "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
        "HP Print Projects" = HP Print Projects 1.0
        "HP Smart Web Printing" = HP Smart Web Printing 4.60
        "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
        "HPExtendedCapabilities" = HP Customer Participation Program 14.0
        "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
        "PC-Doctor for Windows" = Hardware Diagnostic Tools
        "Shop for HP Supplies" = Shop for HP Supplies
         
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
        "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
        "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
        "{0284181F-355D-C4E1-B483-41992C48490E}" = CCC Help German
        "{04D66C1E-E5E2-483C-8715-916C42703924}" = HP TouchSmart Calendar
        "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
        "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
        "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
        "{07FF3AA8-0BC6-8861-F27F-2ED442F5C03E}" = CCC Help English
        "{13A5A060-F2EF-449C-AD0E-293C459271FF}" = HP TouchSmart Netflix
        "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
        "{14A4957E-46DB-4821-528D-8381B4376FE2}" = CCC Help Korean
        "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
        "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
        "{1AFC20E3-35B0-4916-9809-F6C46A92A695}" = HP TouchSmart Weather
        "{1F959C31-3C22-404B-8284-534A416119B0}" = Buttons & OSDs control application gen3
        "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
        "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
        "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
        "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
        "{297C2073-4ED9-4AD7-B4DA-EA2565568379}" = HP TouchSmart Link
        "{2DBE7159-9081-4DDB-B8DB-31692A41008F}" = HP TouchSmart Notes
        "{2E4BEAC4-FB73-9657-A5B2-42F508AF98FE}" = CCC Help Finnish
        "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
        "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP TouchSmart Movie Themes
        "{36B90A24-CE03-79C6-3DEE-1EFEE456377F}" = Catalyst Control Center Graphics Full Existing
        "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
        "{3B18BAAA-1734-8CA1-1A04-B68A06A1F9C9}" = Catalyst Control Center Graphics Full New
        "{3E450CF1-F8C4-C8D6-29D1-87AD090E8F2A}" = Catalyst Control Center InstallProxy
        "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
        "{424CECC6-CEB1-4A5F-9A42-ADE64F035DEB}" = HP TouchSmart
        "{4377068C-A88F-53F7-EDAF-DBD7990AEB93}" = CCC Help Swedish
        "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
        "{4907BDCE-4DF2-350C-24B2-9C509F004F1D}" = CCC Help Chinese Traditional
        "{4EDD5F10-3961-48C2-ACD9-63D5C125EA8F}" = HP TouchSmart Clock
        "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
        "{5B0D4B33-FB4C-CB95-38D3-66F4B942661E}" = CCC Help Japanese
        "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
        "{628690B9-A523-B37A-E001-D8E4581D573D}" = Catalyst Control Center Localization All
        "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
        "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
        "{6AC35F19-C3DF-6455-C9E2-1E77BA42D3BC}" = Catalyst Control Center Graphics Previews Vista
        "{6D1A44ED-3D15-9BB3-43AE-91A077AE9212}" = CCC Help Chinese Standard
        "{717CC8F7-D8EF-4339-AC51-A501DC9EC7B6}" = HP TouchSmart Tutorials
        "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
        "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
        "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
        "{83907548-56BB-D892-1CAC-2F5EC0939B37}" = CCC Help Czech
        "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
        "{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}" = HP TouchSmart RSS
        "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
        "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
        "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
        "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
        "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
        "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
        "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
        "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
        "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
        "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
        "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
        "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
        "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
        "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
        "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
        "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
        "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
        "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{9062CED6-AECC-E6C6-E6A0-A654CE167554}" = CCC Help Portuguese
        "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
        "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
        "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
        "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
        "{97E32194-C626-92E1-9AB9-64AA00CC7380}" = CCC Help Russian
        "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        "{A58E9FA7-23E7-4D87-AD5B-E8331821B84B}" = HP TouchSmart Canvas
        "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
        "{AE566093-655C-416B-8D25-4B4D85887978}" = HP TouchSmart RecipeBox
        "{AE8C4181-26D7-4E92-A6EF-81BB2A8E0230}" = HP TouchSmart Twitter
        "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Music/Photo/Video
        "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
        "{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
        "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
        "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
        "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
        "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
        "{BE9CE924-DD9E-3A0D-EA16-9931D21FB3F5}" = CCC Help Turkish
        "{C285CFAB-889A-47C9-2959-A9B71B5E0BFB}" = CCC Help Hungarian
        "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
        "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
        "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
        "{C88256B0-1182-C1B2-FE22-C1BAC6BB0E83}" = CCC Help Norwegian
        "{CA1A637B-5BFD-A325-BC4B-15D3D10B861C}" = Catalyst Control Center Core Implementation
        "{CACBE764-2E09-5D88-E496-78F7B1E9FFAE}" = CCC Help Greek
        "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
        "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
        "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
        "{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
        "{CEF9A199-8652-B2A0-8C82-5491CB57AC3A}" = CCC Help French
        "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
        "{D781BE32-516F-957C-C080-8365111CAC18}" = CCC Help Danish
        "{DC2841DC-5ADC-8FDD-C3FD-5FD223426F38}" = CCC Help Polish
        "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
        "{DFD6EBE3-F0DA-4E24-9202-37AF8D20888B}" = HP TouchSmart Browser
        "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
        "{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
        "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
        "{EB04773A-005D-3A2E-43C2-CEDE2645F1C3}" = ccc-core-static
        "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
        "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
        "{F1F24DF6-37BB-9905-9EB4-5C1E4D32B664}" = Catalyst Control Center Graphics Light
        "{F20A4D6F-88ED-32BA-0C6D-BD6A692EFF29}" = CCC Help Italian
        "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
        "{F5AC7E52-BDF6-9948-73CD-BCE3C23632F3}" = CCC Help Dutch
        "{F6FA1416-ABCF-3559-1ACA-CEAADD6AF3E8}" = CCC Help Thai
        "{F86145F7-BF40-33F0-F07B-D10BE04F98AA}" = CCC Help Spanish
        "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
        "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
        "AOL Toolbar" = AOL Toolbar
        "ATT-RC" = ATT-RC Self Support Tool
        "HOMESTUDENTR" = Microsoft Office Home and Student 2007
        "HP Keyboard_is1" = HP Desktop Keyboard
        "HP Photo Creations" = HP Photo Creations
        "HP Remote Solution" = HP Remote Solution
        "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
        "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
        "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP TouchSmart Movie Themes
        "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
        "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Music/Photo/Video
        "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
        "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
        "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
        "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
        "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
        "SoftwareUpdUtility" = Download Updater (AOL LLC)
        "ViewpointMediaPlayer" = Viewpoint Media Player
        "Yahoo! Companion" = Yahoo! Toolbar
         
        ========== HKEY_CURRENT_USER Uninstall List ==========
         
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
        "HuluDesktop" = Hulu Desktop
         
        ========== Last 10 Event Log Errors ==========
         
        [ Application Events ]
        Error - 7/11/2010 7:14:44 AM | Computer Name = Laxson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
        Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
         with error: A required certificate is not within its validity period when verifying
         against the current system clock or the timestamp in the signed file.  .
         
        Error - 7/11/2010 7:14:44 AM | Computer Name = Laxson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
        Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
         with error: A required certificate is not within its validity period when verifying
         against the current system clock or the timestamp in the signed file.  .
         
        Error - 7/11/2010 7:14:48 AM | Computer Name = Laxson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
        Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
         with error: A required certificate is not within its validity period when verifying
         against the current system clock or the timestamp in the signed file.  .
         
        Error - 7/11/2010 7:14:48 AM | Computer Name = Laxson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
        Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
         with error: A required certificate is not within its validity period when verifying
         against the current system clock or the timestamp in the signed file.  .
         
        Error - 7/11/2010 7:14:48 AM | Computer Name = Laxson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
        Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
         with error: A required certificate is not within its validity period when verifying
         against the current system clock or the timestamp in the signed file.  .
         
        Error - 7/11/2010 7:14:48 AM | Computer Name = Laxson-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
        Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
         with error: A required certificate is not within its validity period when verifying
         against the current system clock or the timestamp in the signed file.  .
         
        Error - 7/25/2010 1:59:34 PM | Computer Name = Laxson-PC | Source = MsiInstaller | ID = 11704
        Description =
         
        Error - 9/27/2010 11:15:14 AM | Computer Name = Laxson-PC | Source = Application Hang | ID

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Findgala hijack removal
        « Reply #4 on: April 06, 2011, 04:48:12 PM »
        The Security check shows that you have no anti-virus program on your computer. Please choose one from the list below and install it.

        Looking over your log it seems you don't have any antivirus software.

        Before we continue download and install a free antivirus.

        Remember to only install one antivirus!
         
        1) Avast! Home Edition
        2) AVG Free Edition
        3) Avira AntiVir Personal
        4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
        4-a) Microsoft Security Essentials for Windows XP
        5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
        6) PC Tools AntiVirus Free Edition

        It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
        ********************************************
        Please go to Jotti's malware scan
        (If more than one file needs scanned they must be done separately and links posted for each one)

        * Copy the file path in the below Code box:

Code:
        C:\Windows\devenum.exe
         

        * At the upload site, click once inside the window next to Browse.
        * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
        * Next click Submit file
        * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
        * This will perform a scan across multiple different virus scanning engines.
        * Important: Wait for all of the scanning engines to complete.
        * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
        ********************************************************
        * Open OTL
        * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
        :OTL
        O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -  File not found
        O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  File not found
        O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
        O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
        O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
        O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
        O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
        O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
        O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} -  File not found
        O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
        O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
        O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
        O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
        :COMMANDS
        [resethosts]
        [purity]
        [emptytemp]
        [start explorer]

        * Click Run Fix
        * OTLI2 may ask to reboot the machine. Please do so if asked.
        * Click OK
        * A report will open. Copy and Paste that report in your next reply.
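The OTL fix above works by taking each IE/shell load point (O2 Browser Helper Objects, O3 toolbars, O18 protocol handlers, O28 ShellExecuteHooks), resolving its CLSID to the registered server file, and deleting entries whose CLSID key or file no longer exists. The following script is an added example, not part of this thread and not OTL's own code: a read-only PowerShell audit that performs that same resolution on a live machine and lists the orphans, so you can see what a fix would remove before running one. The registry locations are the standard ones; the function names, the "O2/O3/O18/O28" labels and the status strings are my own. It does not cover the O20 Winlogon VMApplet value or the hosts file. Run it from an elevated 64-bit PowerShell; on 64-bit Windows both the native and Wow6432Node views are checked, since 32-bit IE loads its add-ons from the latter.

```powershell
# Added example (not from the thread, not OTL's code): read-only audit of the
# IE and shell load points the OTL fix cleaned. Each CLSID is resolved to its
# registered server file; entries with no CLSID key or a missing file are the
# orphans OTL reports as "No CLSID value found" / "File not found".
# Nothing is deleted. Run from an elevated 64-bit PowerShell.

$ErrorActionPreference = 'SilentlyContinue'
$guidRx = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# Resolve a CLSID to the file behind it, trying each CLSID root in turn
# (native HKLM\SOFTWARE\Classes first, then the Wow6432Node view if asked).
function Get-ClsidServer {
    param([string]$Clsid, [string[]]$Roots)
    foreach ($root in $Roots) {
        $key = Get-Item -Path "$root\CLSID\$Clsid"
        if (-not $key) { continue }
        $server = $null
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $s = $key.OpenSubKey($sub)
            if ($s) { $server = $s.GetValue(''); $s.Close() }
            if ($server) { break }
        }
        if (-not $server) { return [pscustomobject]@{ Path = $null; Status = 'CLSID has no server path' } }
        # Strip quotes and trailing arguments, expand %SystemRoot% and friends.
        if ($server -match '^"([^"]+)"') { $server = $Matches[1] }
        $server = [Environment]::ExpandEnvironmentVariables($server)
        $status = if (Test-Path -LiteralPath $server) { 'OK' } else { 'File not found' }
        return [pscustomobject]@{ Path = $server; Status = $status }
    }
    return [pscustomobject]@{ Path = $null; Status = 'No CLSID value found' }
}

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Source, [string]$Clsid, [string]$Name, [string[]]$Roots) {
    $r = Get-ClsidServer -Clsid $Clsid -Roots $Roots
    $findings.Add([pscustomobject]@{ Source = $Source; Clsid = $Clsid; Name = $Name; Path = $r.Path; Status = $r.Status })
}

$native = 'HKLM:\SOFTWARE\Classes'
$wow64  = 'HKLM:\SOFTWARE\Classes\Wow6432Node'
$views = @(
    @{ Sw = 'HKLM:\SOFTWARE';             Cls = $native; Tag = '64bit' },
    @{ Sw = 'HKLM:\SOFTWARE\Wow6432Node'; Cls = $wow64;  Tag = '32bit' }
)

foreach ($v in $views) {
    # O2: BHOs are subkeys named by CLSID.
    Get-ChildItem -Path "$($v.Sw)\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" |
        ForEach-Object { Add-Finding "O2 BHO ($($v.Tag))" $_.PSChildName $_.GetValue('') @($v.Cls) }
    # O3 toolbars and O28 ShellExecuteHooks are *values* named by CLSID.
    foreach ($pair in @(
        @("O3 Toolbar ($($v.Tag))",          "$($v.Sw)\Microsoft\Internet Explorer\Toolbar"),
        @("O28 ShellExecuteHook ($($v.Tag))", "$($v.Sw)\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"))) {
        $k = Get-Item -Path $pair[1]
        if (-not $k) { continue }
        foreach ($n in $k.GetValueNames()) {
            if ($n -match $guidRx) { Add-Finding $pair[0] $n $k.GetValue($n) @($v.Cls) }
        }
    }
    # O18: protocol handlers are subkeys carrying a CLSID value.
    Get-ChildItem -Path "$($v.Cls)\PROTOCOLS\Handler" |
        ForEach-Object { $c = $_.GetValue('CLSID'); if ($c) { Add-Finding "O18 Protocol ($($v.Tag))" $c $_.PSChildName @($v.Cls) } }
}

# O3 per-user toolbars: the CLSID may be registered in either machine-wide view.
$k = Get-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
if ($k) {
    foreach ($n in $k.GetValueNames()) {
        if ($n -match $guidRx) { Add-Finding 'O3 HKCU Toolbar' $n $k.GetValue($n) @($native, $wow64) }
    }
}

# Only the suspicious rows; drop the Where-Object to see every load point.
$findings | Where-Object { $_.Status -ne 'OK' } | Sort-Object Source | Format-Table -AutoSize
```

An orphan (status "No CLSID value found" or "File not found") is exactly what OTL's fix lines above were targeting: leftovers of uninstalled Symantec/Norton components in this thread, but the same rows would show a hijacker whose DLL was deleted by a scanner while its registration stayed behind. A row with status "OK" that points at an unexpected path (a user profile, a Temp folder, a name that imitates a Windows DLL) is the case worth submitting to a multi-engine scanner, as the Jotti step above does for C:\Windows\devenum.exe.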

        bilaxon

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Findgala hijack removal
          « Reply #5 on: April 07, 2011, 10:11:20 AM »
          - I installed, updated and ran Avira Antivir, which found nothing

Jotti's - http://virusscan.jotti.org/en/scanresult/a6f41866377068e5137e249609629f034baa8a14/3a18b112ad455383e6fb5c33e8f65cc13eac2db7

          - OTL
          All processes killed
          ========== OTL ==========
          Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ deleted successfully.
          Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ deleted successfully.
          Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
          Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ deleted successfully.
          Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
          Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
          Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
          64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
          64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}\ not found.
          File {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found not found.
          64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
          64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
          File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
          64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
          64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
          File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
          64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\symres\ deleted successfully.
          64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA1061FE-6C41-421f-9344-69640C9732AB}\ not found.
          File {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found not found.
          Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\symres\ not found.
          Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA1061FE-6C41-421f-9344-69640C9732AB}\ deleted successfully.
          File {AA1061FE-6C41-421f-9344-69640C9732AB} -  File not found not found.
          64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
          Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
          64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
          64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
          Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
          Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
          ========== COMMANDS ==========
          C:\Windows\System32\drivers\etc\Hosts moved successfully.
          HOSTS file reset successfully
           
          [EMPTYTEMP]
           
          User: All Users
           
          User: Default
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 67 bytes
           
          User: Default User
          ->Temp folder emptied: 0 bytes
          ->Temporary Internet Files folder emptied: 0 bytes
           
          User: Laxson
          ->Temp folder emptied: 80711923 bytes
          ->Temporary Internet Files folder emptied: 21980192 bytes
          ->FireFox cache emptied: 45054662 bytes
          ->Flash cache emptied: 142901 bytes
           
          User: Public
          ->Temp folder emptied: 0 bytes
           
          %systemdrive% .tmp files removed: 0 bytes
          %systemroot% .tmp files removed: 0 bytes
          %systemroot%\System32 .tmp files removed: 0 bytes
          %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
          %systemroot%\System32\drivers .tmp files removed: 0 bytes
          Windows Temp folder emptied: 12580 bytes
          %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
          RecycleBin emptied: 0 bytes
           
          Total Files Cleaned = 141.00 mb
           
           
          OTL by OldTimer - Version 3.2.22.3 log created on 04072011_111143

          Files\Folders moved on Reboot...
          C:\Users\Laxson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

          Registry entries deleted on Reboot...
          « Last Edit: April 07, 2011, 01:00:35 PM by SuperDave »

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Findgala hijack removal
          « Reply #6 on: April 07, 2011, 01:01:48 PM »
          Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

          link # 1
          Link # 2
          If you are using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

          Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          Right-click combofix.exe and select Run as Administrator and follow the prompts.
          When finished, ComboFix will produce a log for you.
          Post the ComboFix log and a new HijackThis log in your next reply.

          NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

          Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

          bilaxon

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Findgala hijack removal
            « Reply #7 on: April 07, 2011, 02:21:11 PM »
             ComboFix 11-04-03.03 - Laxson 04/07/2011  15:25:23.4.2 - x64
            Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3839.3041 [GMT -4:00]
            Running from: c:\users\Laxson\Desktop\ComboFix.exe
            AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
            SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((   Files Created from 2011-03-07 to 2011-04-07  )))))))))))))))))))))))))))))))
            .
            .
            2011-04-07 19:27 . 2011-04-07 19:27   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2011-04-07 15:11 . 2011-04-07 15:11   --------   d-----w-   C:\_OTL
            2011-04-07 13:52 . 2011-04-07 13:52   --------   d-----w-   c:\users\Laxson\AppData\Roaming\Avira
            2011-04-07 13:19 . 2011-04-07 13:19   --------   d-----w-   c:\programdata\Avira
            2011-04-07 13:19 . 2011-04-07 13:19   --------   d-----w-   c:\program files (x86)\Avira
            2011-04-07 13:19 . 2011-03-04 18:37   116568   ----a-w-   c:\windows\system32\drivers\avipbb.sys
            2011-04-07 13:19 . 2011-03-04 18:37   83120   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
            2011-04-05 17:10 . 2011-04-05 17:10   --------   d-----w-   c:\users\Laxson\AppData\Local\Mozilla
            2011-04-05 16:42 . 2009-10-10 03:17   14336   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys
            2011-04-05 16:14 . 2011-04-05 16:14   --------   d-----w-   c:\users\Laxson\AppData\Local\Diagnostics
            2011-04-05 15:42 . 2011-01-17 06:17   197120   ----a-w-   c:\windows\system32\d3d10_1.dll
            2011-04-05 15:42 . 2011-01-17 05:38   161792   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
            2011-04-05 13:10 . 2011-04-05 13:10   --------   d-----w-   c:\programdata\MFAData
            2011-04-05 12:12 . 2011-04-05 12:13   --------   d-----w-   c:\program files\CCleaner
            2011-04-05 12:12 . 2011-03-23 14:11   8424784   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C0479D1-E425-45D6-9A1B-6C9A9C8AC6D8}\mpengine.dll
            2011-04-04 20:54 . 2011-04-05 12:26   --------   d-----w-   c:\users\Laxson\AppData\Roaming\HPAppData
            2011-04-04 20:01 . 2011-04-04 20:01   --------   d-----w-   c:\users\Laxson\AppData\Local\Adobe
            2011-04-04 19:41 . 2011-04-04 19:41   --------   d-----w-   c:\users\Laxson\AppData\Local\Apple
            2011-04-04 19:31 . 2011-04-04 20:25   --------   d-----w-   c:\users\Laxson\AppData\Local\AOL
            2011-04-04 19:27 . 2011-04-04 19:27   --------   d-----w-   c:\users\Laxson\AppData\Roaming\Malwarebytes
            2011-04-04 19:27 . 2010-12-20 22:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
            2011-04-04 19:27 . 2011-04-04 19:27   --------   d-----w-   c:\programdata\Malwarebytes
            2011-04-04 19:27 . 2011-04-04 19:27   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
            2011-04-04 19:27 . 2010-12-20 22:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-04-04 17:21 . 2011-04-04 17:21   --------   d-----w-   c:\users\Laxson\AppData\Roaming\SUPERAntiSpyware.com
            2011-04-04 17:21 . 2011-04-04 17:21   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2011-02-02 22:11 . 2009-11-19 22:30   270720   ------w-   c:\windows\system32\MpSigStub.exe
            2011-01-26 06:53 . 2011-02-09 17:29   982912   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
            2011-01-26 06:53 . 2011-02-09 17:29   265088   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
            2011-01-26 06:31 . 2011-02-09 17:29   144384   ----a-w-   c:\windows\system32\cdd.dll
            .
            .
            (((((((((((((((((((((((((((((   SnapShot@2011-04-04_18.36.43   )))))))))))))))))))))))))))))))))))))))))
            .
            + 2009-07-14 04:54 . 2011-04-07 16:46   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            - 2009-07-14 04:54 . 2011-04-02 12:31   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            - 2009-07-14 04:54 . 2011-04-02 12:31   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            + 2009-07-14 04:54 . 2011-04-07 16:46   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            - 2009-07-14 04:54 . 2011-04-02 12:31   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            + 2009-07-14 04:54 . 2011-04-07 16:46   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            + 2009-09-08 03:17 . 2011-04-07 15:16   45110              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
            + 2009-07-14 05:10 . 2011-04-07 15:16   46406              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
            + 2009-11-18 14:33 . 2011-04-07 15:16   15602              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1530017569-303028045-3225734056-1000_UserData.bin
            - 2009-07-14 05:30 . 2011-03-31 17:41   86016              c:\windows\system32\DriverStore\infpub.dat
            + 2009-07-14 05:30 . 2011-04-06 16:09   86016              c:\windows\system32\DriverStore\infpub.dat
            + 2011-04-05 16:42 . 2009-10-10 03:17   14336              c:\windows\system32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_2790a2fc3fcffde4\sffp_sd.sys
            + 2009-07-14 00:01 . 2009-07-14 00:01   13824              c:\windows\system32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_2790a2fc3fcffde4\sffp_mmc.sys
            + 2009-07-14 00:01 . 2009-07-14 00:01   14336              c:\windows\system32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_2790a2fc3fcffde4\sffdisk.sys
            - 2009-11-18 14:28 . 2011-03-25 01:52   32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            + 2009-11-18 14:28 . 2011-04-06 16:10   32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            - 2009-07-14 04:54 . 2011-03-25 01:52   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            + 2009-07-14 04:54 . 2011-04-06 16:10   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            + 2009-07-14 04:46 . 2011-04-07 16:18   80352              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
            - 2009-07-14 04:46 . 2011-03-28 11:45   80352              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
            + 2009-11-18 14:33 . 2011-04-07 19:14   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            - 2009-11-18 14:33 . 2011-04-02 13:03   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            - 2009-11-18 14:33 . 2011-04-02 13:03   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            + 2009-11-18 14:33 . 2011-04-07 19:14   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            - 2010-06-05 01:53 . 2010-09-30 02:01   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
            + 2010-06-05 01:53 . 2011-04-05 07:01   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
            - 2011-04-04 18:22 . 2011-04-04 18:22   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
            + 2011-04-07 15:14 . 2011-04-07 15:14   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
            - 2011-04-04 18:22 . 2011-04-04 18:22   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
            + 2011-04-07 15:14 . 2011-04-07 15:14   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
            + 2009-11-19 00:19 . 2011-04-07 19:11   324994              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
            - 2009-07-14 02:36 . 2011-04-04 17:21   628082              c:\windows\system32\perfh009.dat
            + 2009-07-14 02:36 . 2011-04-04 20:33   628082              c:\windows\system32\perfh009.dat
            - 2009-07-14 02:36 . 2011-04-04 17:21   108260              c:\windows\system32\perfc009.dat
            + 2009-07-14 02:36 . 2011-04-04 20:33   108260              c:\windows\system32\perfc009.dat
            + 2009-07-14 05:30 . 2011-04-06 16:09   143360              c:\windows\system32\DriverStore\infstrng.dat
            - 2009-07-14 05:30 . 2011-03-31 17:41   143360              c:\windows\system32\DriverStore\infstrng.dat
            - 2009-07-14 05:30 . 2010-11-16 06:38   143360              c:\windows\system32\DriverStore\infstor.dat
            + 2009-07-14 05:30 . 2011-04-06 16:09   143360              c:\windows\system32\DriverStore\infstor.dat
            + 2011-04-05 16:42 . 2009-10-10 02:41   109056              c:\windows\system32\DriverStore\FileRepository\sdbus.inf_amd64_neutral_788ac264b4f52f85\sdbus.sys
            + 2009-07-14 05:31 . 2011-04-06 16:09   399360              c:\windows\system32\DriverStore\drvindex.dat
            - 2009-07-14 05:31 . 2010-09-30 12:36   399360              c:\windows\system32\DriverStore\drvindex.dat
            - 2009-07-14 05:01 . 2011-04-02 14:04   311724              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
            + 2009-07-14 05:01 . 2011-04-07 15:13   311724              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
            + 2009-07-12 16:16 . 2009-07-12 16:16   223232              c:\windows\Installer\4844019.msi
            + 2009-07-14 04:45 . 2011-04-07 15:17   3801083              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
            - 2009-07-14 04:45 . 2011-03-25 11:47   3801083              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
            - 2009-11-18 15:12 . 2011-04-02 14:04   2151432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
            + 2009-11-18 15:12 . 2011-04-07 15:13   2151432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
            + 2009-07-14 02:34 . 2011-04-07 16:27   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
            - 2009-07-14 02:34 . 2011-04-02 13:11   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
            + 2011-04-04 19:35 . 2011-04-04 19:35   20304384              c:\windows\Installer\40b11.msp
            + 2011-04-05 07:00 . 2011-04-05 07:00   20308992              c:\windows\Installer\24479b7.msp
            .
            -- Snapshot reset to current date --
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
            "HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 715264]
            "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
            "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
            "Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 212992]
            "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
            "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
            "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
            "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
            .
            c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
            HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorUser"= 2 (0x2)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
            "aux"=wdmaud.drv
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
            @=""
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
            @="FSFilter Activity Monitor"
            .
            R1 SASDIFSV;SASDIFSV;c:\users\Laxson\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS

            R1 SASKUTIL;SASKUTIL;c:\users\Laxson\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS

            R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
            R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys

            R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys

            R3 ssrangdr;ssrangdr;c:\windows\system32\DRIVERS\ssrangdr.sys

            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

            S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

            S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

            S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
            S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
            S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 101048]
            S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-10-22 517632]
            S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS

            S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys

            S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys

            S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

            S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys

            .
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
            hpdevmgmt   REG_MULTI_SZ      hpqcxs08
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2011-04-05 c:\windows\Tasks\HPCeeScheduleForLaxson.job
            - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
            .
            2011-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
            - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
            .
            .
            --------- x86-64 -----------
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.aol.com
            uLocal Page = c:\windows\system32\blank.htm
            mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
            mLocal Page = c:\windows\SysWOW64\blank.htm
            uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
            FF - ProfilePath - c:\users\Laxson\AppData\Roaming\Mozilla\Firefox\Profiles\kmssm71e.default\
            FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
            FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
            .
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
            "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
               00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            Completion time: 2011-04-07  15:29:43
            ComboFix-quarantined-files.txt  2011-04-07 19:29
            ComboFix2.txt  2011-04-05 16:40
            ComboFix3.txt  2011-04-05 12:54
            ComboFix4.txt  2011-04-04 18:38
            .
            Pre-Run: 442,866,192,384 bytes free
            Post-Run: 442,578,735,104 bytes free
            .
            - - End Of File - - 5DBC8736576EE229FF0F1198B7C6D538


            Logfile of Trend Micro HijackThis v2.0.0 (BETA)
            Scan saved at 4:18:33 PM, on 4/7/2011
            Platform: Unknown Windows (WinNT 6.01.3504)
            Boot mode: Normal

            Running processes:
            C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
            C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
            c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
            c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
            C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
            C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
            C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
            C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
            C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
            C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
            C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
            C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
            C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
            C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
            C:\Users\Laxson\Desktop\HiJackThis_v2.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            O1 - Hosts: ˙ţ127.0.0.1 localhost
            O1 - Hosts: ::1 localhost
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
            O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
            O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
            O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
            O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
            O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
            O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
            O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
            O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
            O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
            O4 - HKLM\..\Run: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
            O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
            O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
            O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
            O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
            O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
            O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
            O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
            O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
            O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
            O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
            O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
            O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
            O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
            O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
            O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
            O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
            O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
            O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
            O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
            O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
            O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
            O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
            O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
            O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
            O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
            O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
            O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
            O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
            O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

            --
            End of file - 9130 bytes
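The two O1 lines in the HijackThis log above show the hosts file beginning with the characters ˙ţ. Those are the bytes FF FE, a UTF-16 byte-order mark, rendered through a Central European code page; a stock Windows hosts file is plain ANSI text with no BOM, so something other than the installer wrote this one. The script below is an added example for this thread, not a tool the helpers used and not part of the original post. It decodes a hosts file in whichever encoding it is in, reports a BOM, and flags entries that pin vendor, update or search domains to loopback (sinkholed, which is how AV and update sites get "blocked") or to some other address (redirected). The watch-list, the sample file and the placeholder address 93.184.216.34 in it are constructed for the example.

```python
"""Hosts-file triage for a Windows box suspected of search/AV-blocking redirects.
Added example, not part of the thread."""
from typing import Dict, List, Optional, Tuple

# Constructed watch-list: update, vendor and search domains that redirect
# malware likes to pin in hosts. Extend it for your environment.
WATCHED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "mcafee.com", "avira.com",
    "malwarebytes.org", "sophos.com", "eset.com",
    "google.com", "yahoo.com", "aol.com",
)
SINKHOLE_IPS = {"127.0.0.1", "::1", "0.0.0.0"}
BOMS = {b"\xff\xfe": "UTF-16LE", b"\xfe\xff": "UTF-16BE", b"\xef\xbb\xbf": "UTF-8"}


def detect_bom(raw: bytes) -> Optional[str]:
    for sig, name in BOMS.items():
        if raw.startswith(sig):
            return name
    return None


def decode_hosts(raw: bytes) -> str:
    """Decode by BOM if present; otherwise treat the file as single-byte ANSI."""
    bom = detect_bom(raw)
    if bom == "UTF-16LE":
        return raw[2:].decode("utf-16-le", errors="replace")
    if bom == "UTF-16BE":
        return raw[2:].decode("utf-16-be", errors="replace")
    if bom == "UTF-8":
        return raw[3:].decode("utf-8", errors="replace")
    return raw.decode("latin-1")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """(ip, hostname) pairs, one per hostname; comments and blank lines dropped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, n.lower()) for n in names)
    return entries


def is_watched(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def triage_hosts(raw: bytes) -> Dict[str, object]:
    """Report the BOM (if any), the entry count, and suspicious mappings."""
    entries = parse_hosts(decode_hosts(raw))
    findings = []
    for ip, name in entries:
        if name == "localhost" and ip in SINKHOLE_IPS:
            continue                                  # the only entries a stock file has
        if is_watched(name):
            kind = "sinkholed" if ip in SINKHOLE_IPS else "redirected"
            findings.append((kind, ip, name))
        elif ip not in SINKHOLE_IPS:
            findings.append(("non-loopback", ip, name))  # any other off-box mapping
    return {"bom": detect_bom(raw), "entries": len(entries), "findings": findings}


def triage_hosts_file(path: str = r"C:\Windows\System32\drivers\etc\hosts") -> Dict[str, object]:
    with open(path, "rb") as f:
        return triage_hosts(f.read())


# Constructed sample: UTF-16LE with a BOM (the FF FE that HijackThis showed as ˙ţ),
# one vendor domain sinkholed and one update domain sent to a placeholder address.
SAMPLE = (
    "\ufeff127.0.0.1 localhost\r\n::1 localhost\r\n"
    "127.0.0.1 www.mcafee.com\r\n"
    "93.184.216.34 update.microsoft.com   # placeholder address\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    print(triage_hosts(SAMPLE))
```

Run it against the live file with triage_hosts_file(); any "sinkholed" or "redirected" finding, and any BOM at all, is a reason to restore the stock hosts file before re-testing the redirects.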

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Findgala hijack removal
            « Reply #8 on: April 07, 2011, 04:37:34 PM »
            Any change in the re-directs?

            Please download Rooter and Save it to your desktop.
            • Double-click it to start the tool. On Vista and Windows 7, run it as administrator.
            • Click Scan.
            • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
            Windows 8 and Windows 10 dual boot with two SSD's

            bilaxon
              Re: Findgala hijack removal
              « Reply #9 on: April 08, 2011, 09:29:20 AM »
              Rooter seems to be stalling... I've tried a couple of times to run it and it just sits with the "Please wait..." for several hours; Task Manager shows it to be active but not using any CPU %.

              Rooter.exe (v1.0.2) by Eric_71
              .
              SeDebugPrivilege granted successfully ...
              .
              Windows 7 Home Edition (6.1.7600)
              [32_bits] - AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
              .
              [wscsvc] (Security Center) RUNNING (state:4)
              .
              C:\Rooter$\Rooter_2.txt - (08/04/2011 | 11:27.42)

              ~~~~~~~~~~~~~~~~~~~~~~~~~
              The redirects don't seem to be ...redirecting, but it acts like the DNS is totally hosed. I am running Firefox in Safe Mode and I can go to Google and run searches and whatnot, but I cannot open various pages like www.aol.com, www.microsoft.com, www.mcafee.com or even www.yahoo.com, and even pages like www.google.com seem to take forever to load.

              everything works fine for those sites on every other computer in the house

              SuperDave
              Re: Findgala hijack removal
              « Reply #10 on: April 08, 2011, 11:52:39 AM »
              Please navigate to Start > Run and type cmd.

              In the window that pops up, type ipconfig /flushdns


              ******************************
              Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

              You will need to enter your name, e-mail address and location in order to access the download page.

              • Once you have downloaded the file, double click the sarsfx icon
              • Review the licence agreement and click on the Accept button
              • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

              • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
              • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
              • Allow the program to scan your computer - please be patient as it may take some time
              • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
              • In the main window, you will see each of the entries found by the scan (if any)
                • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
                • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
              • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
              • To clean up these entries click on the Clean up checked items button
              • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
              • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
              • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now
              Windows 8 and Windows 10 dual boot with two SSD's
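ipconfig /flushdns only empties the local cache; it says nothing about whether the resolver the adapter is configured with is the one you expect, or whether that resolver answers honestly. The script below is an added example for this thread, not a tool the helpers used. It sends a raw A query over UDP to two resolvers, bypassing the OS resolver and the hosts file entirely, and reports names whose answers differ: the system resolver is the address shown under "DNS Servers" in ipconfig /all, and the reference resolver defaults to 8.8.8.8 as an assumption. It also builds a fake reply so the parser can be exercised offline; the names and addresses in that reply are constructed.

```python
"""Ask two resolvers the same question and diff the answers.
Added example, not part of the thread."""
import random
import socket
import struct
from typing import Dict, List, Optional


def build_query(name: str, txid: int) -> bytes:
    """Minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes, expected_txid: Optional[int] = None) -> List[str]:
    """A-record rdata from the answer section, sorted for easy comparison."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch: stray or forged reply")
    if flags & 0x000F:                   # RCODE != 0 (NXDOMAIN, SERVFAIL, ...)
        return []
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4   # skip QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return sorted(answers)


def resolve_via(server: str, name: str, timeout: float = 3.0) -> List[str]:
    """Query `server` directly over UDP/53; the hosts file and OS cache play no part."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data, txid)


def compare(names: List[str], system_dns: str, reference_dns: str = "8.8.8.8") -> Dict[str, dict]:
    """Per name: the answers from each resolver and whether they differ."""
    report = {}
    for n in names:
        row = {}
        for label, server in (("system", system_dns), ("reference", reference_dns)):
            try:
                row[label] = resolve_via(server, n)
            except (OSError, ValueError) as e:       # socket.timeout is an OSError
                row[label] = f"error: {e}"
        row["differs"] = row["system"] != row["reference"]
        report[n] = row
    return report


def build_fake_response(name: str, txid: int, ips: List[str], rcode: int = 0) -> bytes:
    """Constructed reply for offline testing: echoes the question, then one A record per ip."""
    question = build_query(name, txid)[12:]
    ips = ips if rcode == 0 else []
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(ips), 0, 0)
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
                       for ip in ips)
    return header + question + answers


if __name__ == "__main__":
    # Live use: system_dns is the "DNS Servers" address from `ipconfig /all`, e.g.
    # compare(["www.microsoft.com", "www.mcafee.com"], system_dns="192.168.1.1")
    demo = build_fake_response("www.mcafee.com", 0x1234, ["93.184.216.34"])
    print(parse_a_records(demo, 0x1234))
```

A "differs" row, or a timeout from the system resolver only, means the problem sits in the resolver the machine has been pointed at (adapter settings, or the router it points to), not in the browser or the cache. Identical answers from both resolvers, with the site still unreachable, rule DNS out.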

              bilaxon
                Re: Findgala hijack removal
                « Reply #11 on: April 08, 2011, 03:08:09 PM »
                The Sophos scan would not let me check the "Running Processes" item; it was grayed out (but I will try to run it again after another reboot).

                It found two hidden items:

                Area:   Local hard drives
                Description:   Unknown hidden file
                Location:   C:\ProgramData\Microsoft\RAC\Temp\sql4C9A.tmp
                Removable:   Yes (but clean up not recommended for this file)
                Notes:   (no more detail available)
                Area:   Local hard drives
                Description:   Unknown hidden file
                Location:   C:\ProgramData\Microsoft\RAC\Temp\sql4CCA.tmp
                Removable:   Yes (but clean up not recommended for this file)
                Notes:   (no more detail available)

                SuperDave
                Re: Findgala hijack removal
                « Reply #12 on: April 08, 2011, 07:35:10 PM »
                I'd like to scan your machine with ESET OnlineScan

                •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
                •Click the button.
                •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
                •Check
                •Click the button.
                •Accept any security warnings from your browser.
                •Check
                •Push the Start button.
                •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                •When the scan completes, push
                •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                •Push the button.
                •Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                bilaxon
                  Re: Findgala hijack removal
                  « Reply #13 on: April 09, 2011, 08:13:15 AM »
                  I had a lot of problems trying to get ESET to install and run; I re-downloaded it twice and reinstalled it three times before I could get it to run all the way through without stopping at an "unknown error".

                  when it finally DID run all the way thorugh, it said it found no threats, and gave no option to export a log file

                  here is a current HijackThis report:

                  Logfile of Trend Micro HijackThis v2.0.0 (BETA)
                  Scan saved at 10:09:39 AM, on 4/9/2011
                  Platform: Unknown Windows (WinNT 6.01.3504)
                  Boot mode: Normal

                  Running processes:
                  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
                  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
                  C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
                  C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
                  C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
                  C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
                  C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
                  C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
                  C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
                  C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
                  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
                  C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
                  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
                  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
                  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
                  c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
                  c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
                  C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                  C:\Users\Laxson\Desktop\HiJackThis_v2.exe

                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
                  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                  O1 - Hosts: ˙ţ127.0.0.1 localhost
                  O1 - Hosts: ::1 localhost
                  O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
                  O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                  O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
                  O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
                  O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
                  O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                  O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
                  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
                  O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
                  O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
                  O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
                  O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
                  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
                  O4 - HKLM\..\Run: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
                  O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
                  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                  O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
                  O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
                  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
                  O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
                  O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
                  O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                  O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
                  O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
                  O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
                  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
                  O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
                  O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
                  O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
                  O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
                  O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
                  O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
                  O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
                  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
                  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                  O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
                  O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
                  O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
                  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
                  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
                  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
                  O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
                  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
                  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
                  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
                  O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
                  O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
                  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
                  O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

                  --
                  End of file - 9183 bytes

                  SuperDave
                  Re: Findgala hijack removal
                  « Reply #14 on: April 09, 2011, 08:27:55 AM »
                  Ok. If there are no other issues, it's time for some cleanup.

                  To uninstall ComboFix

                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                  • In the field, type in ComboFix /uninstall


                  (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                  • Then, press Enter, or click OK.
                  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                  ************************************************
                  To remove all of the tools we used and the files and folders they created do the following:
                  Double click OTL.exe.
                  • Click the CleanUp button.
                  • Select Yes when the "Begin cleanup Process?" prompt appears.
                  • If you are prompted to Reboot during the cleanup, select Yes.
                  • The tool will delete itself once it finishes.
                  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                  *************************************************
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                  ************************************************
                  Looking over your log it seems you don't have any evidence of a third party firewall.

                  Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                  Remember only install ONE firewall

                  1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                  2) Online Armor
                  3) Agnitum Outpost
                  4) PC Tools Firewall Plus

                  If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                  **************************************************
                  Use the Secunia Software Inspector to check for out of date software.

                  •Click Start Now

                  •Check the box next to Enable thorough system inspection.

                  •Click Start

                  •Allow the scan to finish and scroll down to see if any updates are needed.
                  •Update anything listed.
                  .
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!
                  Windows 8 and Windows 10 dual boot with two SSD's

                  bilaxon

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: Findgala hijack removal
                    « Reply #15 on: April 09, 2011, 09:19:35 AM »
                    I am still having the same major problems with blocked access to common websites, removal tools, some downloads and windows updates, whatever findgala did to screw up the DNS resolution is still in there...

                    I can ping some web addresses but not others - it's extremely frustrating

                    it still will not allow access to www.aol.com, www.microsoft.com, www.yahoo.com etc...

                    I have tried some experiments with pinging these sites and their IP addresses and it literally blocks all of them and just times out, whereas other sites that I CAN access work just fine (avg 26ms round trip time)

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Findgala hijack removal
                    « Reply #16 on: April 09, 2011, 12:16:48 PM »
                    Please run Notepad (start > All Programs > Accessories >
                    Notepad) and copy and paste the text in the code box into a new file:

                    Code:
                    @echo off
                    REM write adapter settings, name lookups, ping results and the routing table to one file
                    >Log1.txt (
                    ipconfig /all
                    nslookup google.com
                    nslookup yahoo.com
                    ping -n 2 google.com
                    ping -n 2 yahoo.com
                    route print
                    )
                    start Log1.txt
                    REM the batch file deletes itself once the log is open
                    del %0

                    • Go to the File menu at the top of the Notepad and select Save as.

                    • Select save in: desktop

                    • Fill in File name: test.bat

                    • Save as type: All file types (*.*)

                    • Click save.

                    • Close the Notepad.

                    • Locate and double-click test.bat on the desktop.

                    • A Notepad window opens; copy and paste its content (Log1.txt) into your reply.
                    ****************************************************************
                    Go to Start > Run ("Start Search" in Vista), type in:
                    cmd
                    Click OK (hit Enter in Vista).

                    At Command Prompt, paste this:
                    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
                    Hit Enter.

                    Copy and paste what you see in Notepad into a Reply here.

                    bilaxon

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: Findgala hijack removal
                      « Reply #17 on: April 11, 2011, 06:22:35 AM »
                      Windows IP Configuration

                         Host Name . . . . . . . . . . . . : Laxson-PC
                         Primary Dns Suffix  . . . . . . . :
                         Node Type . . . . . . . . . . . . : Hybrid
                         IP Routing Enabled. . . . . . . . : No
                         WINS Proxy Enabled. . . . . . . . : No
                         DNS Suffix Search List. . . . . . : dqstarter.local

                      Ethernet adapter Local Area Connection:

                         Connection-specific DNS Suffix  . : dqstarter.local
                         Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
                         Physical Address. . . . . . . . . : 90-E6-BA-32-DF-F8
                         DHCP Enabled. . . . . . . . . . . : Yes
                         Autoconfiguration Enabled . . . . : Yes
                         Link-local IPv6 Address . . . . . : fe80::5cc:588c:8575:547f%21(Preferred)
                         IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
                         Subnet Mask . . . . . . . . . . . : 255.255.255.0
                         Lease Obtained. . . . . . . . . . : Saturday, April 09, 2011 11:05:43 AM
                         Lease Expires . . . . . . . . . . : Tuesday, April 19, 2011 8:00:40 AM
                         Default Gateway . . . . . . . . . : 192.168.1.1
                         DHCP Server . . . . . . . . . . . : 192.168.1.1
                         DHCPv6 IAID . . . . . . . . . . . : 361817786
                         DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-46-AB-0E-90-E6-BA-32-DF-F8
                         DNS Servers . . . . . . . . . . . : 192.168.1.1
                         Primary WINS Server . . . . . . . : 192.168.1.1
                         NetBIOS over Tcpip. . . . . . . . : Enabled

                      Wireless LAN adapter Wireless Network Connection:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . : gateway.2wire.net
                         Description . . . . . . . . . . . : 802.11n Wireless LAN Card
                         Physical Address. . . . . . . . . : 00-26-82-21-D4-AA
                         DHCP Enabled. . . . . . . . . . . : Yes
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter isatap.gateway.2wire.net:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : Microsoft ISATAP Adapter
                         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter isatap.dqstarter.local:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . : dqstarter.local
                         Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
                         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes
                      Server:  UnKnown
                      Address:  192.168.1.1

                      Name:    google.com
                      Addresses:  74.125.93.103
                           74.125.93.147
                           74.125.93.106
                           74.125.93.104
                           74.125.93.105
                           74.125.93.99

                      Server:  UnKnown
                      Address:  192.168.1.1

                      Name:    yahoo.com
                      Addresses:  69.147.125.65
                           72.30.2.43
                           98.137.149.56
                           209.191.122.70
                           67.195.160.76


                      Pinging google.com [74.125.93.103] with 32 bytes of data:
                      Request timed out.
                      Request timed out.

                      Ping statistics for 74.125.93.103:
                          Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

                      Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
                      Request timed out.
                      Request timed out.

                      Ping statistics for 69.147.125.65:
                          Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

                      ===========================================================================
                      Interface List
                       21...90 e6 ba 32 df f8 ......Realtek PCIe GBE Family Controller
                       11...00 26 82 21 d4 aa ......802.11n Wireless LAN Card
                        1...........................Software Loopback Interface 1
                       12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
                       13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
                      ===========================================================================

                      IPv4 Route Table
                      ===========================================================================
                      Active Routes:
                      Network Destination        Netmask          Gateway       Interface  Metric
                                0.0.0.0          0.0.0.0    192.168.1.1    192.168.1.106     20
                                0.0.0.0          0.0.0.0    192.168.1.1    192.168.1.106     20
                              127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                              127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
                        127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                            192.168.1.0    255.255.255.0         On-link     192.168.1.106    276
                          192.168.1.106  255.255.255.255         On-link     192.168.1.106    276
                          192.168.1.255  255.255.255.255         On-link     192.168.1.106    276
                              224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                              224.0.0.0        240.0.0.0         On-link     192.168.1.106    276
                        255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                        255.255.255.255  255.255.255.255         On-link     192.168.1.106    276
                      ===========================================================================
                      Persistent Routes:
                        None

                      IPv6 Route Table
                      ===========================================================================
                      Active Routes:
                       If Metric Network Destination      Gateway
                        1    306 ::1/128                  On-link
                       21    276 fe80::/64                On-link
                       21    276 fe80::5cc:588c:8575:547f/128
                                                          On-link
                        1    306 ff00::/8                 On-link
                       21    276 ff00::/8                 On-link
                      ===========================================================================
                      Persistent Routes:
                        None


                      Windows IP Configuration

                         Host Name . . . . . . . . . . . . : Laxson-PC
                         Primary Dns Suffix  . . . . . . . :
                         Node Type . . . . . . . . . . . . : Hybrid
                         IP Routing Enabled. . . . . . . . : No
                         WINS Proxy Enabled. . . . . . . . : No
                         DNS Suffix Search List. . . . . . : dqstarter.local

                      Ethernet adapter Local Area Connection:

                         Connection-specific DNS Suffix  . : dqstarter.local
                         Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
                         Physical Address. . . . . . . . . : 90-E6-BA-32-DF-F8
                         DHCP Enabled. . . . . . . . . . . : Yes
                         Autoconfiguration Enabled . . . . : Yes
                         Link-local IPv6 Address . . . . . : fe80::5cc:588c:8575:547f%21(Preferred)
                         IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
                         Subnet Mask . . . . . . . . . . . : 255.255.255.0
                         Lease Obtained. . . . . . . . . . : Saturday, April 09, 2011 11:05:43 AM
                         Lease Expires . . . . . . . . . . : Tuesday, April 19, 2011 8:00:41 AM
                         Default Gateway . . . . . . . . . : 192.168.1.1
                         DHCP Server . . . . . . . . . . . : 192.168.1.1
                         DHCPv6 IAID . . . . . . . . . . . : 361817786
                         DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-46-AB-0E-90-E6-BA-32-DF-F8
                         DNS Servers . . . . . . . . . . . : 192.168.1.1
                         Primary WINS Server . . . . . . . : 192.168.1.1
                         NetBIOS over Tcpip. . . . . . . . : Enabled

                      Wireless LAN adapter Wireless Network Connection:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . : gateway.2wire.net
                         Description . . . . . . . . . . . : 802.11n Wireless LAN Card
                         Physical Address. . . . . . . . . : 00-26-82-21-D4-AA
                         DHCP Enabled. . . . . . . . . . . : Yes
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter isatap.gateway.2wire.net:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : Microsoft ISATAP Adapter
                         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter isatap.dqstarter.local:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . : dqstarter.local
                         Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
                         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes



                      bilaxon

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Unknown
                        Re: Findgala hijack removal
                        « Reply #18 on: April 11, 2011, 07:04:13 AM »
                        I ran that batch file a few more times (I added aol.com in there) and got a different result for yahoo once:


                        Name:    aol.com
                        Addresses:  64.12.79.57
                             205.188.100.58
                             207.200.74.38

                        Server:  UnKnown
                        Address:  192.168.1.1

                        Name:    google.com
                        Addresses:  74.125.93.106
                             74.125.93.105
                             74.125.93.103
                             74.125.93.147
                             74.125.93.104
                             74.125.93.99

                        Server:  UnKnown
                        Address:  192.168.1.1

                        Name:    yahoo.com
                        Addresses:  69.147.125.65
                             72.30.2.43
                             98.137.149.56
                             209.191.122.70
                             67.195.160.76


                        Pinging aol.com [205.188.100.58] with 32 bytes of data:
                        Request timed out.
                        Request timed out.

                        Ping statistics for 205.188.100.58:
                            Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

                        Pinging google.com [74.125.93.106] with 32 bytes of data:
                        Request timed out.
                        Request timed out.

                        Ping statistics for 74.125.93.106:
                            Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

                        Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
                        Reply from 69.147.125.65: bytes=32 time=34ms TTL=56
                        Reply from 69.147.125.65: bytes=32 time=33ms TTL=56

                        Ping statistics for 69.147.125.65:
                            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                        Approximate round trip times in milli-seconds:
                            Minimum = 33ms, Maximum = 34ms, Average = 33ms

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: Findgala hijack removal
                        « Reply #19 on: April 11, 2011, 12:34:39 PM »
                        How are you connected to the modem? Hardwired or wireless? Did you try resetting the modem?

                        bilaxon

                          Topic Starter


                          Rookie

                          • Experience: Beginner
                          • OS: Unknown
                          Re: Findgala hijack removal
                          « Reply #20 on: April 11, 2011, 01:49:30 PM »
                          It's hardwired to the cable modem through a router.

                          No other computer has any problems with any of these sites - or any other problems connecting to the internet at all.

                          Bypassing the router and connecting directly to the modem makes no difference.

                          I have tried using the netsh command to reset the TCP/IP stack, reinstalled the NIC driver, and practically everything else that I can think of - it just will not connect to some sites at all; strangely though it will intermittently connect to yahoo or google - I got this on my last test:

                          Name:    aol.com
                          Addresses:  207.200.74.38
                               64.12.79.57
                               205.188.100.58

                          Server:  UnKnown
                          Address:  192.168.1.1

                          Name:    google.com
                          Addresses:  74.125.93.104
                               74.125.93.147
                               74.125.93.99
                               74.125.93.105
                               74.125.93.103
                               74.125.93.106

                          Server:  UnKnown
                          Address:  192.168.1.1

                          Name:    yahoo.com
                          Addresses:  67.195.160.76
                               69.147.125.65
                               72.30.2.43
                               98.137.149.56
                               209.191.122.70


                          Pinging aol.com [207.200.74.38] with 32 bytes of data:
                          Request timed out.
                          Request timed out.

                          Ping statistics for 207.200.74.38:
                              Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

                          Pinging google.com [74.125.93.104] with 32 bytes of data:
                          Reply from 74.125.93.104: bytes=32 time=44ms TTL=54
                          Reply from 74.125.93.104: bytes=32 time=41ms TTL=54

                          Ping statistics for 74.125.93.104:
                              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                          Approximate round trip times in milli-seconds:
                              Minimum = 41ms, Maximum = 44ms, Average = 42ms

                          Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
                          Request timed out.
                          Request timed out.

                          Ping statistics for 67.195.160.76:
                              Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
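                          Reading several of these test.bat runs side by side is easier with a small parser. The script below is an added example for this thread, not something posted in it and not part of any tool named here. It assumes Log1.txt has the nslookup and ping layout shown in the replies above, and it tallies, per host and per answered address, whether the resolver returned an answer, whether that answer looks like a local redirect (private, loopback or link-local space for a public name), and whether the probes to that address got replies, across as many runs as you feed it. The RUNS sample is constructed from the addresses and outcomes posted above, trimmed to the lines the parser uses.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: two runs of the diagnostic batch file, trimmed to the
# nslookup and ping lines the parser reads. Values mirror what was posted above.
RUNS = [
    """\
Server:  UnKnown
Address:  192.168.1.1

Name:    aol.com
Addresses:  205.188.100.58
          64.12.79.57

Name:    google.com
Addresses:  74.125.93.103
          74.125.93.147

Pinging aol.com [205.188.100.58] with 32 bytes of data:
Ping statistics for 205.188.100.58:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging google.com [74.125.93.103] with 32 bytes of data:
Ping statistics for 74.125.93.103:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
""",
    """\
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.93.104
          74.125.93.103

Pinging google.com [74.125.93.104] with 32 bytes of data:
Ping statistics for 74.125.93.104:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
""",
]

NAME_RE = re.compile(r"^Name:\s+(\S+)")
ANSWER_RE = re.compile(r"^(?:Address(?:es)?:)?\s*(\d{1,3}(?:\.\d{1,3}){3})$")
PING_RE = re.compile(r"^Pinging (\S+) \[(\d{1,3}(?:\.\d{1,3}){3})\]")
STATS_RE = re.compile(r"Packets: Sent = (\d+), Received = (\d+)")


def parse_run(text, resolved, probes):
    """Add one log's nslookup answers and ping tallies to the shared tables."""
    name = target = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := NAME_RE.match(line):
            name = m.group(1).lower()
            resolved.setdefault(name, set())
        elif name and (m := ANSWER_RE.match(line)):   # answer lines under Name:
            resolved[name].add(m.group(1))
        else:
            name = None   # block over: the resolver's own "Address:" line is never counted
            if m := PING_RE.match(line):
                target = (m.group(1).lower(), m.group(2))
            elif target and (m := STATS_RE.search(line)):
                probes[target].append((int(m.group(1)), int(m.group(2))))
                target = None


def verdict(sent, received):
    if sent == 0:
        return "not probed"
    return "unreachable" if received == 0 else "reachable" if received == sent else "intermittent"


def suspicious(ip):
    """A public name answered with local or reserved space is a redirect signature."""
    a = ipaddress.ip_address(ip)
    return a.is_private or a.is_loopback or a.is_link_local or a.is_unspecified


def analyze(runs):
    """Return (per-host report, answers common to every host) across all runs."""
    resolved, probes = {}, defaultdict(list)
    for text in runs:
        parse_run(text, resolved, probes)
    report = {}
    for host, ips in resolved.items():
        mine = {ip: res for (h, ip), res in probes.items() if h == host}
        per_ip = {ip: verdict(sum(s for s, _ in r), sum(x for _, x in r)) for ip, r in mine.items()}
        sent = sum(s for r in mine.values() for s, _ in r)
        recv = sum(x for r in mine.values() for _, x in r)
        dns = "no answer" if not ips else "suspicious answer" if any(map(suspicious, ips)) else "ok"
        report[host] = {"dns": dns, "answers": sorted(ips), "reach": verdict(sent, recv), "per_ip": per_ip}
    # every host resolving to one shared address is the classic redirect-hijack pattern
    shared = set.intersection(*resolved.values()) if len(resolved) > 1 else set()
    return report, sorted(shared)
```

                          To use it on real logs, replace RUNS with the contents of the saved Log1.txt files (for example `[open(p).read() for p in paths]`) and print `analyze(RUNS)`. On the sample above it reports aol.com as resolved correctly but unreachable, google.com as resolved correctly but intermittent with 74.125.93.104 answering and 74.125.93.103 not, and no address shared across hosts. That is the distinction worth making before the next step: answers that are missing, shared, or point into local space are a resolver problem, while correct answers whose hosts do not reply are a reachability problem on the path or on the machine itself.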

                          SuperDave

                          • Malware Removal Specialist


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Findgala hijack removal
                          « Reply #21 on: April 12, 2011, 07:56:45 PM »
                          • Download TDSSKiller and save it to your Desktop.
                          • Extract its contents to your desktop.
                          • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                          • If an infected file is detected, the default action will be Cure, click on Continue.
                          • If a suspicious file is detected, the default action will be Skip, click on Continue.
                          • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                          • Click the Report button and copy/paste the contents of it into your next reply.
                          Note: It will also create a log in the C:\ directory.