Jump to content

Build Theme!
  •  
  • Infected?

Welcome Guest to What the Tech - Register now for FREE

We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

Create an Account Login to Account


Photo

My internet ONLY works in Safe Mode [Solved]


  • This topic is locked This topic is locked
57 replies to this topic

#1 christal91

christal91

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 17 May 2012 - 04:43 PM

So a couple of nights ago I was watching a video on the internet and once it was over I tried getting on facebook but internet connection wasn't working! I tried restarting the modem and my computer but nothing. The little monitor on the task bar keeps a yellow ! sign on it and says "Identifying Network....No Internet Access" even though all my lights were showing on the modem like they were suppose to. However when I boot it in Safe mode w/ netoworking, it works perfectly. I called my service provider, ATT, and I ran through every troubleshooting and she says its probably a virus on my laptop and I think it is too because I have another laptop that I use strictly for work and the internet works perfect on there. I didn't run an OTL because I'm not sure if it would work the same in Safe mode. Also, I'm not sure if this is related but the same time I started having internet problems, my Norton firewall started acting up. I get a little red X on my norton icon in the task bar and it says AT RISK, so I clicked, fixed now, and it says can't fix, error with my Smart Firewall. But that only shows sometimes when I boot up in regular mode and other times it says Secure. Any help is greatly appreciated **Update: The internet is right now working in regular mode but not letting me access Norton. The norton icon isn't even in my taskbar anymore???

Edited by christal91, 19 May 2012 - 10:09 PM.


#2 mrp

mrp

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPip
  • 992 posts

Posted 20 May 2012 - 07:30 AM

Hello and welcome to What the Tech.

My name is Michael and I will be helping you with your computer problems.

Be aware that I am currently in training, which means that my replies must first be approved by one of my teachers. This may cause a slight delay in my responses, but keep in mind that this process is only to ensure you are receiving advice of the utmost accuracy.

Please keep the following points in mind:
  • Malware research is often a time consuming process and sometimes multiple tools/methods will have to be employed before an infection is completely dealt with. Please be patient during the process of removal.
  • Read my instructions carefully before carrying them out. Also, consider printing out any instructions in case you lose your Internet connection.
  • If you have any questions, please ask before carrying out a fix. Clearing up any confusion beforehand will save time in the long run. That said, I will try to post instructions as clearly and concisely as possible.
  • Please reply to this thread. Do not start a new topic, and do not request help on other forums during the course of the cleaning process.
  • If you do not reply after three (3) days, your thread will be closed.
IMPORTANT NOTE: Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

I will be back as soon as possible with a response.

#3 christal91

christal91

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 20 May 2012 - 09:04 AM

Thanks so much Michael for working with me! :)

#4 mrp

mrp

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPip
  • 992 posts

Posted 20 May 2012 - 01:13 PM

  • OTL

    Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

[*]aswMBR

Please download aswMBR and save it to your desktop.

  • Double click aswMBR.exe to start the tool.
  • When prompted to download virus definitions, please do so.
  • Click Scan. Note: Do NOT attempt any Fix yet.
  • When the scan completes, click Save log, save it to your desktop and post it in your next reply.
  • There should also be another file that is created on your desktop named MBR.dat. Please right-click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
[/list]

#5 christal91

christal91

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 20 May 2012 - 05:50 PM

OTL.txt

OTL logfile created on: 5/20/2012 5:28:18 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Christal\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 40.25% Memory free
5.86 Gb Paging File | 4.05 Gb Available in Paging File | 69.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 220.22 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive D: | 12.38 Gb Total Space | 2.07 Gb Free Space | 16.73% Space Free | Partition Type: NTFS

Computer Name: CHRISTAL-PC | User Name: Christal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 17:25:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Christal\Downloads\OTL(1).exe
PRC - [2012/05/12 13:04:41 | 000,154,992 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\instca.exe
PRC - [2012/05/03 01:57:08 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
PRC - [2012/02/03 21:55:59 | 000,050,544 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\symerr.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/01 17:57:16 | 000,561,984 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/03 16:17:26 | 000,965,872 | ---- | M] (AT&T Inc.) -- C:\Users\Christal\AppData\Local\ATT Connect\Participant\pull.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/03 01:57:08 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/03 16:01:58 | 000,031,744 | ---- | M] () -- C:\Users\Christal\AppData\Local\ATT Connect\Participant\IwRegVC90.dll
MOD - [2002/12/06 21:15:18 | 000,418,304 | ---- | M] () -- C:\Users\Christal\AppData\Local\ATT Connect\Participant\exchndl.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/04 13:20:21 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 01:57:08 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/16 15:43:12 | 002,792,280 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/30 07:47:58 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/29 01:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 01:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 01:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 01:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 01:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 17:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2011/11/29 17:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2010/09/26 21:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/27 04:47:46 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2010/07/27 04:47:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010/03/20 18:55:11 | 000,699,960 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/12/01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/10 09:45:10 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/05/18 04:25:49 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120517.023\ex64.sys -- (NAVEX15)
DRV - [2012/05/18 04:25:49 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120517.023\eng64.sys -- (NAVENG)
DRV - [2012/04/27 19:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120512.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/02 18:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120507.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/03 21:38:34 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/03 21:38:34 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/27 04:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 04:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{3A93316D-D387-4AD3-B9D7-446F7B54BA51}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{BADDF0D4-B77B-4210-BB16-DF445A2882B5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=18-07-2011
IE - HKLM\..\SearchScopes\{3A93316D-D387-4AD3-B9D7-446F7B54BA51}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKLM\..\SearchScopes\{BADDF0D4-B77B-4210-BB16-DF445A2882B5}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\SearchScopes,DefaultScope = {4D886D78-03BB-46A1-83DB-07C70DB67B5E}
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=18-07-2011
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\SearchScopes\{3A93316D-D387-4AD3-B9D7-446F7B54BA51}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\SearchScopes\{4D886D78-03BB-46A1-83DB-07C70DB67B5E}: "URL" = http://www.google.co...;rlz=1I7ADFA_en
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\SearchScopes\{9E7D91DE-17C3-4355-ABD7-D93CEBA2F955}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...p...o=US&ver=17
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\SearchScopes\{BADDF0D4-B77B-4210-BB16-DF445A2882B5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....amp;fr=chr-atty
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Christal\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christal\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christal\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012/03/30 10:30:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2012/05/18 04:11:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/04 15:39:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/03 01:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 08:24:04 | 000,000,000 | ---D | M]

[2010/05/21 17:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christal\AppData\Roaming\Mozilla\Extensions
[2010/05/21 17:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christal\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/02/07 13:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christal\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/05/03 02:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christal\AppData\Roaming\Mozilla\Firefox\Profiles\3as6vkqu.default\extensions
[2011/07/17 23:06:06 | 000,002,342 | ---- | M] () -- C:\Users\Christal\AppData\Roaming\Mozilla\Firefox\Profiles\3as6vkqu.default\searchplugins\aol-search.xml
[2012/02/05 16:59:22 | 000,000,923 | ---- | M] () -- C:\Users\Christal\AppData\Roaming\Mozilla\Firefox\Profiles\3as6vkqu.default\searchplugins\conduit.xml
[2011/01/16 00:56:45 | 000,002,470 | ---- | M] () -- C:\Users\Christal\AppData\Roaming\Mozilla\Firefox\Profiles\3as6vkqu.default\searchplugins\safesearch.xml
[2012/03/17 10:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/04 15:39:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/30 10:30:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPLGN
[2012/01/06 16:11:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CHRISTAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3AS6VKQU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/03 01:57:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/07 11:21:37 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/04/07 11:21:37 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 12:33:21 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/03 06:33:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 12:33:22 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/24 20:44:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/08/26 19:44:37 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/24 20:44:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{googl
e:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chro
me&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client
=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christal\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christal\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christal\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christal\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Christal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Christal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AdBlock = C:\Users\Christal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Poppit = C:\Users\Christal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Christal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Christal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/02/28 05:57:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000..\Run: [Push Client] C:\Users\Christal\AppData\Local\ATT Connect\Participant\pull.exe (AT&T Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2227592550-3438150762-2319449296-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1303999762922 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 22:59:09 | 000,000,000 | ---D | C] -- C:\6841b64af2830f572f
[2012/05/19 22:54:37 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{925A0D08-49A1-4EBF-A4F1-7C284C8C58A1}
[2012/05/19 22:54:25 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{045D1FC3-AA0D-4903-9D15-C9122EC537AA}
[2012/05/18 05:29:26 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{9F627798-9F36-4BA4-9E6B-D6001800CAF2}
[2012/05/18 04:10:42 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{A4E642F1-2275-4EE0-B469-4DB93D30870B}
[2012/05/18 04:10:30 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{F79CF1D6-FBB1-4C4E-B101-CBC59DCB9E29}
[2012/05/17 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{44CBD677-AA63-4467-8707-C6D883F86984}
[2012/05/17 15:06:41 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{334103DD-D09E-4858-8B41-F44515E580E0}
[2012/05/16 15:19:39 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{038DD4A5-0D22-4A7E-B41A-CE5D5F40D8BD}
[2012/05/16 14:40:13 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{D3421AB9-4339-429E-999F-241B7B167F68}
[2012/05/16 03:45:45 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{465B7967-FFC3-4C31-A2DA-88F0E46F86C6}
[2012/05/16 03:40:09 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{DB23BA75-F169-4745-BCBC-217FFABAF29C}
[2012/05/16 03:39:52 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{DA0AE683-759C-411E-80AD-5822741B3D54}
[2012/05/16 03:09:35 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{4417FB9A-758A-43A4-B1B8-869061CB6B50}
[2012/05/13 12:29:47 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{B4392C3F-7D3E-4DF0-BD12-A217ADB52F16}
[2012/05/13 12:29:32 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{C515ACEE-366B-4B5A-8D9F-FF5456D6FE30}
[2012/05/13 02:55:35 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{7B252D17-AC33-452E-8077-530D0F882592}
[2012/05/13 02:55:22 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{00B702AF-E058-4C84-ACD4-D6E2E93AD4AD}
[2012/05/11 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{9BDF2F2F-7454-41FF-91E2-058CCEE16D5B}
[2012/05/11 12:26:15 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{EEC13199-8870-4A40-941E-0FABC2E9F5C9}
[2012/05/10 18:08:41 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{E0AE54ED-7309-42A1-8E6D-F7A5F6B7B210}
[2012/05/10 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{ADDBB3DF-17FB-4D63-BA52-3C650557C5ED}
[2012/05/10 10:29:04 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{FC3C662D-36E3-4914-95A4-A96358661D53}
[2012/05/10 10:28:51 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{D5248094-9F4B-4E8B-818C-802A47F5F292}
[2012/05/10 10:07:05 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{4E66604D-EF6B-401D-9FF0-AC7F699D0085}
[2012/05/10 10:06:53 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{C02B854D-EA46-4CBE-9864-5B8F960DC123}
[2012/05/10 07:07:00 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{6E7B8B98-3A10-4AFC-B55F-9A9FB939FA4B}
[2012/05/10 07:06:49 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{AB9C5B78-45C3-4DA3-A581-97902DB3DB43}
[2012/05/06 18:34:54 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{18516181-D461-4138-AB79-B4B557DB2931}
[2012/05/06 18:34:41 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{C9692668-E4CE-4FA2-8F90-BAC172C5723B}
[2012/05/03 01:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/03 01:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 01:34:21 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{23CC1170-05A9-4499-8669-F670E59A6F74}
[2012/05/03 01:34:09 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{30CF023E-49BB-441C-9C79-9D15A080F010}
[2012/05/02 04:28:36 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{C87F59CB-18A8-426B-8022-2FE61557221B}
[2012/05/02 04:28:24 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{E6BCC74C-7DC0-42CC-888D-FB56DAB07129}
[2012/04/26 13:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/26 13:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/26 13:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/25 06:07:34 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{65407A03-E0A3-4825-9398-88C3B46899A0}
[2012/04/25 06:07:19 | 000,000,000 | ---D | C] -- C:\Users\Christal\AppData\Local\{660092CC-695F-4C02-B63B-8062039A7167}

========== Files - Modified Within 30 Days ==========

[2012/05/20 17:37:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/20 17:34:15 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2227592550-3438150762-2319449296-1000Core.job
[2012/05/20 17:23:32 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2227592550-3438150762-2319449296-1000UA.job
[2012/05/20 17:23:32 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/20 17:23:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 17:23:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/20 00:55:44 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 00:55:44 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 23:00:13 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/19 22:53:37 | 000,002,452 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/05/19 22:53:20 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 05:28:35 | 002,084,489 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012/05/18 05:28:04 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034
[2012/05/17 17:02:21 | 528,058,688 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/16 13:29:44 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 02:40:04 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\isolate.ini
[2012/05/12 23:46:55 | 000,002,828 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/05/10 18:09:32 | 002,084,489 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\Cat.DB
[2012/05/10 03:20:59 | 000,391,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 03:11:59 | 000,757,850 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/10 03:11:59 | 000,636,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/10 03:11:59 | 000,110,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/03 01:41:58 | 000,000,056 | ---- | M] () -- C:\{EFEC763C-420B-4870-8FED-0D8F005109B3}
[2012/04/28 06:59:46 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChristal.job
[2012/04/26 13:25:03 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/25 05:58:49 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307000.009\VT20120410.034

========== Files Created - No Company Name ==========

[2012/05/19 23:00:13 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/03 01:41:58 | 000,000,056 | ---- | C] () -- C:\{EFEC763C-420B-4870-8FED-0D8F005109B3}
[2012/04/26 13:25:03 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/21 13:17:48 | 000,000,000 | ---- | C] () -- C:\Users\Christal\AppData\Local\{0BD5EFAA-87D3-4C4D-A290-B6C066CFC97E}
[2011/01/08 22:24:11 | 000,001,854 | ---- | C] () -- C:\Users\Christal\AppData\Roaming\GhostObjGAFix.xml
[2011/01/04 19:11:36 | 000,001,940 | ---- | C] () -- C:\Users\Christal\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/15 21:25:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/07 00:21:02 | 000,001,582 | ---- | C] () -- C:\Users\Christal\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/08/02 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\ATT Connect
[2011/04/07 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\Catalina Marketing Corp
[2011/12/14 09:08:41 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\CoreFTP
[2010/11/25 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\FrostWire
[2011/09/11 13:20:52 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\Gmail Notifier Plus
[2010/07/22 14:06:31 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\Jasc
[2012/05/11 22:52:09 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\MP3Rocket
[2011/11/12 21:39:49 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\ooVoo Details
[2012/02/16 01:12:08 | 000,000,000 | -H-D | M] -- C:\Users\Christal\AppData\Roaming\RPPrivate
[2011/07/16 22:29:48 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\Screaming Bee
[2010/06/07 00:21:04 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\Template
[2011/09/03 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\Tific
[2010/05/21 17:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\Vivox
[2011/04/30 00:16:04 | 000,000,000 | ---D | M] -- C:\Users\Christal\AppData\Roaming\Windows Live Writer
[2012/05/17 15:57:30 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/12/28 07:53:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/12/28 07:53:54 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/12/28 07:53:54 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/12/28 07:53:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200BEVT-60ZCT1 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 286.00GB
Starting Offset: 209715200
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 306776637440
Hidden sectors: 0


< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 5/20/2012 5:28:18 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Christal\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 40.25% Memory free
5.86 Gb Paging File | 4.05 Gb Available in Paging File | 69.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.51 Gb Total Space | 220.22 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive D: | 12.38 Gb Total Space | 2.07 Gb Free Space | 16.73% Space Free | Partition Type: NTFS

Computer Name: CHRISTAL-PC | User Name: Christal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2227592550-3438150762-2319449296-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Christal] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C049204-3798-48F9-B312-D5AC919169D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DC14BAB-C4E9-400A-A10B-A7DC626C433A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3399FEC0-5743-4C62-B387-5CCE1448DD29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36E0F403-36F6-4B22-B798-F4442DA92935}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{42917DDC-5749-42A9-BD9F-1853CC45DBA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{597AEEB8-1735-409D-9C86-A75790CB4AB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{604708F6-9E72-4149-987E-FAF1A278E849}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C95EA93-EB4A-4384-BE28-56A629FF51D6}" = rport=445 | protocol=6 | dir=out | app=system |
"{75DCC1B2-568E-4E07-B20E-2157A98AA081}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8195E031-9000-416E-9991-6DD905776075}" = rport=139 | protocol=6 | dir=out | app=system |
"{95E65513-F628-45B8-85E0-3D974DAD173B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A9A84434-6CD2-4A16-8557-407D356D677A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE17DC0D-EEB7-4BA3-A5C0-45E80F9D709E}" = lport=138 | protocol=17 | dir=in | app=system |
"{B52F4FC3-DB82-4B74-A9A3-F258552216A2}" = lport=445 | protocol=6 | dir=in | app=system |
"{BE0F3BAA-BCA3-45B0-98C9-950C2ED96D46}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BED6CFD3-B127-407A-A386-3F6ADCC60CE7}" = rport=138 | protocol=17 | dir=out | app=system |
"{C0381B93-D245-4369-AB2F-4FB1296145CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C74B6BC7-7AB0-41DD-B248-4586C7303E7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C81AB1B2-F04E-4268-A471-E260CD0975A5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C88C9143-F7AA-4D5F-839F-0B9BC690ABB3}" = lport=137 | protocol=17 | dir=in | app=system |
"{CA0E67D0-D422-4B1F-AE86-FAE62B3418BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0599997-29E7-4FCD-8FDC-40C63BABE27A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F5937AE2-2F20-4CD7-B706-7039EFA30866}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F9D92B4C-62E0-4F68-BE8D-4722BCD0707A}" = rport=137 | protocol=17 | dir=out | app=system |
"{FC7A0391-49F0-4158-A862-6E94CF2337E3}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0277E4B8-DAFB-4158-A5BF-F865DB39D09D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{074CF606-51DC-4C2E-97E9-8293F445D745}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0776238F-B9BC-4FD1-AFCB-E71626E1D21B}" = protocol=6 | dir=out | app=system |
"{098AC95C-9342-47B3-A6C0-A6A577BAF080}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B2DA27C-8C11-4A41-B612-142A1497A6C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B8EB752-3E77-4E3B-8732-9F5D694EFD45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1F2AE6D0-97AE-4190-9E05-DE4DB4415990}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{23B896FE-534B-4792-85EA-27FA1631F27A}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{2A2D7EFA-0F97-452E-9512-87A10D2CB90A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3101D0AD-74A1-46EE-A318-F17E7FBD725C}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{33B7A053-F974-41C2-AB7B-76AEE1FFA26B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3423E93E-FD55-43BF-9564-7B682FFDE19A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{385467A6-D1B0-4A6B-B53D-1AA9B908C141}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C4965BD-5B83-4C82-975D-6F3DCE8D454B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E0B7E70-0F4B-40ED-8FF3-F67681893938}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48F182B3-583F-45B3-8506-B1023E20B94A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4985164A-EB62-4320-AB3E-6597BDE08BD1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{49E78E83-B397-487A-AB38-B4988AF19327}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{501F2436-E299-4D2A-926F-E44B233FBE03}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{5C0BD6C7-7B71-40B2-A024-76730DCA057D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{63BE52FE-436E-498B-B856-8F2F5A0BDC37}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{63E215C4-A0A0-408F-BC8E-4FFA7DFC9D3B}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{64D3DD39-0FBA-429D-A998-B7229F14126E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7300A449-AA9F-46A0-89E1-996DC13554C7}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{731AC6F0-3235-4D9D-891A-5CDE75EDAC06}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7594D45F-A59D-4B38-B81A-11697D20C525}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BAAAD1C-EA01-470E-8316-DFBFD741F122}" = protocol=17 | dir=in | app=c:\program files (x86)\mp3 rocket\mp3rocket.exe |
"{86EA7A23-6916-42B8-9A09-3FE1B14BBC74}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{941253F3-AB46-4453-8056-B0B72954554D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{95D5353C-A456-474B-ADB4-1FFA9EA34CFC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A5E3A268-37B6-488A-8C4B-B0183E849733}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A883F859-ED3C-4216-A714-51C8CF1F1E59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8975A85-5BC7-40AE-8435-81910D55D7BD}" = protocol=6 | dir=in | app=c:\users\christal\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{ACA0F9BE-6F3D-4AF6-BAB0-88955F7878E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACDA6E01-EFB2-4A85-A1B2-FF901BEC26E2}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{B1A0A66D-BF5D-4BD5-9564-93FC4326795C}" = protocol=6 | dir=in | app=c:\program files (x86)\mp3 rocket\mp3rocket.exe |
"{B553C4CD-8DE8-431F-A90C-9A6027BC29A2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B6901F95-38F6-41B2-8398-753D05497B59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B735A8C9-3011-4881-AB9D-B8D4228BD92F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{BD268C57-EA40-41A5-9249-07E27C713397}" = protocol=17 | dir=in | app=c:\users\christal\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C085BC0C-18A5-4CAE-A824-C32A0969444F}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{C0FBC8D1-EC10-47C4-A668-6E3F6FC9CC29}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C21CF18E-DE12-4C7F-8D10-0FE305EBE983}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C57C7756-0AE7-40E7-B073-8A0152355ACE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5B6DB8F-2875-415A-BA24-65AF1FB7B7B7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C7045A07-399E-4E98-84D5-BBEDCC73A53D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CC782145-2D97-4F23-B135-0B8FDAF66ECC}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{D0A9BBFC-E6CB-4E16-A2A5-4D1AD22F0554}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D2E77B81-CB94-4C85-92E2-D5A61508D5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{D94B44EF-6D8E-47FE-AEB9-54CD4FE78F5E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E14FA878-DC34-4CC9-9028-07676077BFCC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{E1D0E032-3771-49E6-A49F-5D93A8D7FF62}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E8DB1F50-E5DD-40D6-BA3C-C02930BB7537}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E9FCEAE5-1666-4044-975B-1441327A3F42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EAA6A141-3AB0-45D1-9CB2-57D2B2698D5A}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{EC84E1AA-2FFC-4591-9F2F-2E1C1F450910}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{F2C77D39-475A-4607-87CA-DC374AB9F3CD}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{F6947873-EE55-42CF-B6EA-383B388A435D}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{F789D567-A39C-4DD3-8E2E-4A4609638522}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{0CBD5CA3-F213-462A-B41B-5BD07D7DA461}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{497C97FD-1F89-4330-A0F2-9B8DAAE0B011}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{4A2F4F1C-B846-437A-B905-1C440BA84AC2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{8633180F-4FA4-420F-9C1B-40659F1C1999}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{B34E819C-F28C-4644-AF00-AE772BCA1CF7}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"TCP Query User{DF0707B9-C94F-4D23-ADC9-1E34D10A3791}C:\users\christal\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\christal\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{0DB256D5-4550-48CC-AF65-F52E5BDF7959}C:\users\christal\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\christal\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{27339A7D-ECFB-40BD-A46E-3DF182CF225E}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{3D0551DE-43E8-498A-ACD1-38EB476DF961}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{8E1D1EEE-E40F-4E24-8AE2-EF83EDD457D2}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"UDP Query User{A6C62A5F-06FB-4528-B39E-37673690AE27}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E175CA7E-007E-43D6-8D04-EFC5C3226122}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF48631A-7F45-430A-8AD3-B41CFB1D7596}" = HP Deskjet 2050 J510 series Product Improvement Study
"{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CDD4495B-0424-42F0-8D89-70D47E21BD69}" = AT&T Connect Participant Application v8.9.35
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"ATT-SST" = AT&T Service & Support Tool
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Rocket" = MP3 Rocket
"NIS" = Norton Internet Security
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2227592550-3438150762-2319449296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

ASW:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-20 18:11:54
-----------------------------
18:11:54.468 OS Version: Windows x64 6.1.7600
18:11:54.468 Number of processors: 2 586 0x170A
18:11:54.469 ComputerName: CHRISTAL-PC UserName: Christal
18:11:55.986 Initialize success
18:13:31.699 AVAST engine defs: 12052001
18:13:57.507 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:13:57.511 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 11
18:13:57.521 Disk 0 MBR read successfully
18:13:57.526 Disk 0 MBR scan
18:13:57.533 Disk 0 unknown MBR code
18:13:57.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:13:57.561 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292365 MB offset 409600
18:13:57.594 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12679 MB offset 599173120
18:13:57.638 Disk 0 scanning C:\Windows\system32\drivers
18:14:08.953 Service scanning
18:14:35.234 Modules scanning
18:14:35.248 Disk 0 trace - called modules:
18:14:35.300 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:14:35.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800302a660]
18:14:35.649 3 CLASSPNP.SYS[fffff8800114843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e13060]
18:14:37.104 AVAST engine scan C:\Windows
18:14:40.073 AVAST engine scan C:\Windows\system32
18:18:14.305 AVAST engine scan C:\Windows\system32\drivers
18:18:29.193 AVAST engine scan C:\Users\Christal
18:25:27.015 AVAST engine scan C:\ProgramData
18:27:43.832 Scan finished successfully
18:33:38.113 Disk 0 MBR has been saved successfully to "C:\Users\Christal\Desktop\MBR.dat"
18:33:38.120 The log file has been saved successfully to "C:\Users\Christal\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   522bytes   2536 downloads


#6 christal91

christal91

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 21 May 2012 - 12:56 AM

I just went to go close out of my web browser and at the bottom of my desktop its says "Windows 7 build 7600 This copy of Windows is not Genuine"!!!???

#7 mrp

mrp

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPip
  • 992 posts

Posted 21 May 2012 - 04:28 PM

  • ComboFix

    Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


#8 christal91

christal91

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 22 May 2012 - 03:39 AM

What do I do since I can't get my antivirus to open up at all?? Like when I click on it nothing happens so how do i dis-able it? can I run the program in safe mode, I might be able to disable it there...

#9 mrp

mrp

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPip
  • 992 posts

Posted 22 May 2012 - 08:18 PM

Hi christal91, Go ahead and run ComboFix in safe mode. There is no need to disable your security programs in safe mode as they won't be running, nor will the GUI be available. If ComboFix reboots your machine, boot back into safe mode and don't worry if ComboFix warns you about your anti-virus.

#10 christal91

christal91

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 22 May 2012 - 09:38 PM

I accidentally forgot to reboot back into safe mode when the computer rebooted, really hoped that didn't mess anything up :( but here's the log anyways... Also that error about windows 7 not being genuine that was at the bottom of my desktop is gone but norton still won't open :/ ComboFix 12-05-22.02 - Christal 05/22/2012 22:19:27.1.2 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.2020 [GMT -5:00] Running from: c:\users\Christal\Desktop\ComboFix.exe AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Christal\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 ))))))))))))))))))))))))))))))) . . 2012-05-18 09:25 . 2012-05-18 10:28 -------- d-----w- c:\windows\system32\drivers\NISx64\1307010.005 2012-05-10 23:11 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 23:11 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 23:50 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll 2012-05-09 23:50 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-09 23:50 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-09 23:50 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-05-09 23:50 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-09 23:50 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-05-09 23:50 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-05-09 23:50 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-05-09 23:50 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-09 23:50 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-05-09 23:48 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-09 23:48 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys 2012-05-09 23:48 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-09 23:48 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-09 23:48 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-09 23:48 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-03 06:57 . 2012-05-03 06:57 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-05-03 06:57 . 2012-05-03 06:57 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-03 06:57 . 2012-05-03 06:57 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-26 18:24 . 2012-04-26 18:24 -------- d-----w- c:\program files\iPod 2012-04-26 18:24 . 2012-04-26 18:24 -------- d-----w- c:\program files\iTunes 2012-04-23 22:38 . 2012-04-25 10:58 -------- d-----w- c:\windows\system32\drivers\NISx64\1307000.009 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-04 18:20 . 2012-04-05 07:27 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-04 18:20 . 2011-05-16 17:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-04 18:20 . 2012-04-05 08:20 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-04 20:56 . 2012-02-28 11:39 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-30 12:47 . 2010-09-02 22:36 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-13 22:56 . 2012-03-13 22:56 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-03-05 15:13 . 2012-03-05 15:13 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-03-03 11:33 . 2010-06-01 17:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-01 06:54 . 2012-04-12 12:37 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:45 . 2012-04-12 12:37 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:40 . 2012-04-12 12:37 80896 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:35 . 2012-04-12 12:37 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:49 . 2012-04-12 12:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:45 . 2012-04-12 12:37 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:40 . 2012-04-12 12:37 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 2012-04-12 12:38 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-12 12:38 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-12 12:38 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-12 12:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-12 12:38 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-12 12:38 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 2012-04-12 12:38 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-12 12:38 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-27 13:28 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll 2012-02-27 13:28 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Push Client"="c:\users\Christal\AppData\Local\ATT Connect\Participant\pull.exe" [2010-06-03 965872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 136176] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696] R3 ALSysIO;ALSysIO;c:\users\Christal\AppData\Local\Temp\ALSysIO64.sys [x] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120512.001\IDSvia64.sys [2012-04-28 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-18 517632] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 18:20] . 2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 13:09] . 2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 13:09] . 2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2227592550-3438150762-2319449296-1000Core.job - c:\users\Christal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 23:25] . 2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2227592550-3438150762-2319449296-1000UA.job - c:\users\Christal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 23:25] . 2012-04-28 c:\windows\Tasks\HPCeeScheduleForChristal.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: $talisma_url$ TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Christal\AppData\Roaming\Mozilla\Firefox\Profiles\3as6vkqu.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Motive\McciCMService.exe c:\windows\SysWOW64\PSIService.exe c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\InstCA.exe . ************************************************************************** . Completion time: 2012-05-22 22:33:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-23 03:33 . Pre-Run: 234,664,194,048 bytes free Post-Run: 237,172,469,760 bytes free . - - End Of File - - D07003FDA5A70CE2E005C42672FDA9D5

#11 christal91

christal91

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 23 May 2012 - 08:54 AM

After one of my programs just crashed, the "this copy of windows is not genuine" has came back up again :/

#12 mrp

mrp

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPip
  • 992 posts

Posted 23 May 2012 - 06:06 PM

  • Malwarebytes' Anti-Malware

    I see you already have MBAM on your computer. Please do the following:

    • Once the program has loaded, click the Update tab and Check for Updates.
    • Click the Scanner tab, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. This log is saved by MBAM and can be viewed by clicking the Logs tab.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Please paste the results in your next reply.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
  • ESET Online Scanner

    Please disable any real-time security programs such as your anti-virus before proceeding with this scan.

    • Open Internet Explorer.
    • Download ESET Online Scanner.
    • Put a checkmark in the checkbox next to YES, I accept the Terms of Use.
    • Click Start.
    • When prompted by your web browser, click Install.
    • Uncheck Remove found threats.
    • Check Scan archives.
    • Click Start and let the scanner finish downloading virus signatures. The scan will begin afterward.
    • When the scan completes, click List of found threats.
    • Click Export to text file... and save the file to your desktop. Post it in your next reply.
    • Click Back.
    • Click Finish.


#13 christal91

christal91

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 23 May 2012 - 07:58 PM

would I have to run the ESET scanner in safe mode since I can't disable my anti virus?

#14 mrp

mrp

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPip
  • 992 posts

Posted 24 May 2012 - 05:06 PM

It may be that Norton is corrupt, so I'm going to ask you to uninstall it via Programs and Features in Control Panel for the time being. Once Norton is removed, please go ahead with those scans in normal mode.

#15 mrp

mrp

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPip
  • 992 posts

Posted 25 May 2012 - 06:54 AM

Please also try to keep your Internet usage on this machine to a minimum aside from this thread as without Norton you will be unprotected for the time being.



Similar Topics: My internet ONLY works in Safe Mode [Solved]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users