
Computer freezing and making Beeping sound [Solved]


  • This topic is locked

#1
saf99
Member, 30 posts

Hi Geeks to Go! I'm new to this site and forum, so sorry if this topic has already been solved; I will really appreciate the help, thanks. Recently my computer has been freezing for a reason I do not understand. When I am on the desktop or the internet, especially when I am watching streaming videos or on YouTube, it will just completely freeze and a beeping sound can sometimes be heard (not sure if it is coming from the speakers or the computer itself).

During this state I cannot do anything, not even move the mouse or press Ctrl + Alt + Del; the only option I have is to restart manually by pressing the restart button on the computer. Having run Malwarebytes' Anti-Malware a few times, it has detected some viruses and quarantined and deleted them, but after some time, or another time when I turn my computer on, it will freeze again, and having run Malwarebytes' Anti-Malware more than once it seems to detect viruses again. I am assuming that these viruses are not being deleted properly or just keep coming back.

Therefore I have searched countless times online for a solution, and a friend told me about this website, so I thought I'd give it a shot. I also heard of a programme called ComboFix (assuming it will fix my problem). I have run a scan of my PC and the log is pasted below; I will very much appreciate it if you can tell me if there are any files I need to delete or should not have. Also, after I had run ComboFix I realised my HP Solution Centre application that I had on my desktop no longer opens, the icon has changed into a white page, and it says it is not a valid Win32 application. Will I have to download and install this again?

LOG:

ComboFix 10-03-11.02 - Safran 11/03/2010 21:14:37.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1791.894 [GMT 0:00]
Running from: c:\users\Safran\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1823437180-114209430-2017350500-1003
c:\windows\svchost.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PowerManager


((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 )))))))))))))))))))))))))))))))
.

2010-03-11 21:20 . 2010-03-11 21:23 -------- d-----w- c:\users\Safran\AppData\Local\temp
2010-03-11 21:20 . 2010-03-11 21:20 -------- d-----w- c:\users\Sanya\AppData\Local\temp
2010-03-11 21:20 . 2010-03-11 21:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-03-11 21:20 . 2010-03-11 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-11 20:40 . 2010-03-11 20:40 -------- d-----w- c:\users\Safran\AppData\Roaming\HPAppData
2010-03-07 17:20 . 2010-03-07 17:20 -------- d-----w- c:\users\Safran\AppData\Local\Microsoft Games
2010-03-07 16:30 . 2010-03-07 16:30 -------- d-----w- c:\programdata\HPSSUPPLY
2010-03-07 00:50 . 2010-03-07 00:50 -------- d-----w- c:\program files\InstallShield Installation Information
2010-03-07 00:41 . 2010-03-07 00:41 -------- d-----w- c:\program files\Activision
2010-03-07 00:37 . 2010-03-07 00:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-07 00:29 . 2010-03-07 00:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-07 00:28 . 2010-03-07 00:29 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-06 23:17 . 2010-03-07 00:36 -------- d-----w- c:\users\Safran\AppData\Roaming\DAEMON Tools Lite
2010-03-06 23:17 . 2010-03-07 00:27 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-06 20:42 . 2010-03-06 23:44 -------- d-----w- c:\users\Safran\AppData\Roaming\DAEMON Tools Pro
2010-03-06 20:42 . 2010-03-06 23:41 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-03-05 18:47 . 2010-03-05 18:49 -------- d--h--w- c:\windows\msdownld.tmp
2010-03-04 22:15 . 2010-03-04 22:27 -------- d-----w- c:\users\Sanya\AppData\Roaming\Skype
2010-03-04 11:57 . 2010-03-04 11:57 -------- d-----w- c:\users\Safran\AppData\Local\Nero
2010-03-04 11:27 . 2010-03-07 08:15 -------- d-----w- c:\program files\Registry Easy
2010-03-04 01:19 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-01 20:27 . 2010-03-01 20:27 -------- d-----w- c:\program files\Common Files\Java
2010-03-01 20:22 . 2010-03-01 20:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-01 20:02 . 2010-03-01 20:02 -------- d-----w- c:\program files\Common Files\eSellerate
2010-03-01 20:02 . 2007-06-08 13:53 1753088 ----a-w- c:\windows\system32\ExGrid.dll
2010-03-01 20:02 . 2007-06-05 10:20 602112 ----a-w- c:\windows\system32\ExMenu.dll
2010-03-01 20:02 . 2007-06-05 10:19 516096 ----a-w- c:\windows\system32\ExTab.dll
2010-03-01 20:02 . 2007-04-03 16:51 614400 ----a-w- c:\windows\system32\ExButton.dll
2010-03-01 20:02 . 2007-04-03 16:51 307200 ----a-w- c:\windows\system32\ExPMenu.dll
2010-03-01 20:02 . 2005-10-11 14:40 356352 ----a-w- c:\windows\system32\eSellerateEngine.dll
2010-03-01 20:02 . 2005-10-04 08:11 118784 ----a-w- c:\windows\system32\eWebControl.dll
2010-03-01 20:02 . 1998-04-24 00:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-03-01 20:02 . 2010-03-01 20:02 -------- d-----w- c:\program files\AnswersThatWork
2010-03-01 18:38 . 2010-03-01 18:38 -------- d-----w- c:\users\Safran\AppData\Roaming\Nero
2010-03-01 18:24 . 2010-03-01 18:30 -------- d-----w- c:\program files\Nero
2010-03-01 18:23 . 2010-03-01 18:31 -------- d-----w- c:\program files\Common Files\Nero
2010-02-28 16:33 . 2010-02-28 16:33 -------- d-----w- c:\users\Guest\AppData\Roaming\HPAppData
2010-02-28 15:33 . 2010-02-28 15:33 109600 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 15:31 . 2010-02-28 15:31 -------- d-----w- c:\users\Guest\AppData\Local\LogiShrd
2010-02-24 20:32 . 2010-02-24 20:57 -------- d-----w- C:\$AVG
2010-02-24 20:31 . 2010-02-25 07:51 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-02-24 20:31 . 2010-02-25 07:51 -------- d-----w- c:\programdata\avg9
2010-02-24 12:55 . 2010-03-07 08:15 -------- d-----w- c:\program files\uTorrent
2010-02-24 12:55 . 2010-03-09 22:36 -------- d-----w- c:\users\Safran\AppData\Roaming\uTorrent
2010-02-23 20:57 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-23 20:57 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-23 20:57 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-23 20:57 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-22 20:58 . 2010-02-22 20:58 -------- d-----w- c:\users\Safran\AppData\Roaming\AVS4YOU
2010-02-22 20:58 . 2010-02-22 20:58 -------- d-----w- c:\programdata\AVS4YOU
2010-02-22 20:57 . 2010-02-25 07:49 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-22 20:57 . 2008-08-13 11:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-02-22 20:57 . 2008-08-13 11:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-02-22 20:57 . 2010-03-07 08:15 -------- d-----w- c:\program files\AVS4YOU
2010-02-22 20:57 . 2008-08-13 11:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-02-22 20:57 . 2008-08-13 11:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-22 20:03 . 2010-02-22 20:03 -------- d-----w- c:\users\Safran\AppData\Roaming\Clone2Go DVD Ripper
2010-02-22 20:03 . 2010-03-07 08:15 -------- d-----w- c:\program files\Clone2Go DVD Ripper
2010-02-21 17:37 . 2010-02-21 17:37 -------- d-----w- c:\users\Guest\AppData\Roaming\HP
2010-02-21 03:08 . 2010-02-21 03:08 -------- d-----w- c:\program files\AVG
2010-02-20 19:39 . 2010-02-20 19:39 -------- d-----w- c:\programdata\HP Product Assistant
2010-02-20 19:39 . 2010-02-20 19:40 77620 ----a-w- c:\windows\hpqins05.dat
2010-02-20 18:59 . 2010-02-20 18:59 23113 ----a-w- c:\windows\hpqins15.dat
2010-02-20 16:33 . 2010-02-21 03:36 -------- d-----w- c:\users\Safran\AppData\Local\ElevatedDiagnostics
2010-02-20 01:04 . 2010-03-04 12:15 -------- d-----w- c:\windows\Sun
2010-02-19 23:58 . 2010-02-21 11:20 -------- d-----w- c:\program files\MSECache
2010-02-18 19:38 . 2010-02-18 19:39 -------- d-----w- c:\programdata\Norton
2010-02-18 19:38 . 2010-02-18 19:38 -------- d-----w- c:\programdata\Symantec
2010-02-18 19:38 . 2010-02-18 19:38 -------- d-----w- c:\programdata\NortonInstaller
2010-02-18 17:20 . 2010-02-18 17:20 -------- d-----w- c:\programdata\Alwil Software
2010-02-18 14:53 . 2010-02-18 14:55 -------- d-----w- c:\users\Sanya\AppData\Local\Apple Computer
2010-02-18 14:53 . 2010-02-18 14:54 -------- d-----w- c:\users\Sanya\AppData\Roaming\Apple Computer
2010-02-17 19:10 . 2010-02-18 16:54 -------- d-----w- c:\users\Safran\AppData\Local\Google
2010-02-17 14:07 . 2010-02-25 07:50 -------- d-----w- c:\windows\system32\Adobe
2010-02-16 23:36 . 2010-03-07 08:15 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-02-16 23:36 . 2010-02-16 23:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-16 23:36 . 2010-02-25 07:49 -------- d-----w- c:\program files\Windows Live
2010-02-16 21:09 . 2010-02-16 21:09 -------- d-----w- c:\users\Sanya\AppData\Local\Yahoo
2010-02-15 21:27 . 2010-02-15 21:27 -------- d-----w- c:\users\Sanya\Office Genuine Advantage
2010-02-14 19:32 . 2010-03-07 08:15 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-02-14 19:31 . 2010-03-07 08:15 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-02-14 18:24 . 2010-02-14 18:24 -------- d-----w- c:\users\Sanya\AppData\Local\Adobe
2010-02-13 19:24 . 2010-02-27 12:48 109600 ----a-w- c:\users\Sanya\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Application Data\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:43 . 2010-02-12 17:43 353584 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{260FD0C0-0C3B-D904-6171-ED03DD0DF0A5}-uTorrent.exe
2010-02-12 17:28 . 2010-02-12 17:28 -------- d-----w- c:\programdata\NVIDIA
2010-02-12 17:28 . 2009-09-27 23:12 526440 ----a-w- c:\windows\system32\nvuninst.exe
2010-02-12 16:45 . 2010-02-12 16:45 -------- d-----w- c:\users\Safran\AppData\Roaming\Uniblue
2010-02-12 16:08 . 2010-02-21 11:20 -------- d-----w- c:\program files\iPod
2010-02-12 16:08 . 2010-03-07 08:15 -------- d-----w- c:\program files\iTunes
2010-02-10 13:40 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 13:40 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 13:40 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 13:40 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 13:40 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 13:40 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 13:40 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 13:40 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-10 13:16 . 2010-02-21 11:20 -------- d-----w- c:\program files\Microsoft Works
2010-02-10 13:15 . 2010-02-21 11:20 -------- d-----w- c:\program files\Microsoft.NET
2010-02-10 13:13 . 2010-02-21 11:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 21:23 . 2010-02-03 01:09 -------- d-----w- c:\users\Safran\AppData\Roaming\Skype
2010-03-11 21:22 . 2010-02-02 20:44 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-11 00:02 . 2010-02-03 23:57 -------- d-----w- c:\programdata\Microsoft Help
2010-03-02 20:08 . 2010-02-03 03:43 -------- d-----w- c:\programdata\Apple Computer
2010-03-01 20:22 . 2010-02-04 01:10 -------- d-----w- c:\program files\Java
2010-03-01 18:25 . 2010-02-03 13:38 -------- d-----w- c:\programdata\Nero
2010-03-01 15:29 . 2010-03-01 15:29 5 ----a-w- c:\windows\system32\YoItzVlad.tmp
2010-02-25 07:52 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-02-25 07:52 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-25 07:52 . 2010-02-03 01:09 -------- d-----r- c:\program files\Skype
2010-02-25 07:49 . 2010-02-04 01:50 -------- d-----w- c:\programdata\NOS
2010-02-25 07:49 . 2010-02-03 03:13 -------- d-----w- c:\program files\Windows Virtual PC
2010-02-25 07:49 . 2010-02-03 03:06 -------- d-----w- c:\program files\Windows XP Mode
2010-02-25 07:49 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-02-25 07:49 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-02-25 07:49 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-02-25 07:49 . 2009-07-14 04:52 -------- d-----w- c:\program files\Reference Assemblies
2010-02-24 09:16 . 2010-02-02 20:57 217984 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 04:48 . 2010-02-03 03:44 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-24 04:48 . 2010-02-03 01:08 -------- d-----w- c:\programdata\Skype
2010-02-24 04:48 . 2010-02-03 01:00 -------- d-----w- c:\programdata\Yahoo!
2010-02-24 04:48 . 2010-02-03 00:34 -------- d-----w- c:\programdata\Yahoo! Companion
2010-02-24 04:48 . 2010-02-08 16:37 -------- d-----w- c:\programdata\Malwarebytes
2010-02-24 04:48 . 2010-02-03 00:31 -------- d-----w- c:\programdata\HP
2010-02-24 04:48 . 2010-02-02 21:48 -------- d-----w- c:\programdata\LogiShrd
2010-02-24 04:48 . 2010-02-03 03:42 -------- d-----w- c:\programdata\Apple
2010-02-20 19:46 . 2010-02-09 17:17 197130 ----a-w- c:\windows\hpoins30.dat
2010-02-20 19:40 . 2010-02-02 23:45 109600 ----a-w- c:\users\Safran\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-17 14:40 . 2010-02-17 14:40 545904 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-02-09 14:14 . 2010-02-09 14:13 1314 ----a-w- C:\cc_20100209_141329.reg
2010-02-08 18:44 . 2010-02-08 18:44 382 ----a-w- C:\KEY.reg
2010-02-08 16:44 . 2010-02-06 18:53 -------- d-----w- c:\programdata\BrowserQuest
2010-02-08 16:37 . 2010-02-08 16:37 -------- d-----w- c:\users\Safran\AppData\Roaming\Malwarebytes
2010-02-06 19:15 . 2010-02-06 18:53 -------- d-----w- c:\program files\BrowserQuest
2010-02-05 21:29 . 2010-02-05 21:29 -------- d-----w- c:\users\Safran\AppData\Roaming\DivX
2010-02-04 10:01 . 2010-03-05 18:50 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 10:01 . 2010-03-05 18:50 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 10:01 . 2010-03-05 18:50 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 10:01 . 2010-03-05 18:50 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-04 02:01 . 2010-02-04 02:01 -------- d-----w- c:\users\Safran\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-04 01:02 . 2010-02-04 01:02 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-04 01:00 . 2010-02-04 01:00 -------- d-----w- c:\users\Sanya\AppData\Roaming\DivX
2010-02-04 01:00 . 2010-02-04 01:00 -------- d-----w- c:\users\Sanya\AppData\Roaming\Nero
2010-02-04 00:41 . 2010-02-04 00:41 -------- d-----w- c:\users\Sanya\AppData\Roaming\Yahoo!
2010-02-04 00:40 . 2010-02-04 00:40 -------- d-----w- c:\program files\MSXML 4.0
2010-02-03 13:56 . 2010-02-03 13:56 -------- d-----w- c:\programdata\LightScribe
2010-02-03 03:49 . 2010-02-03 03:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-03 03:47 . 2010-02-03 03:44 -------- d-----w- c:\users\Safran\AppData\Roaming\Apple Computer
2010-02-03 01:12 . 2010-02-03 01:12 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-03 01:12 . 2010-02-03 01:12 -------- d-----w- c:\users\Safran\AppData\Roaming\skypePM
2010-02-03 01:09 . 2010-02-03 01:09 -------- d-----w- c:\program files\Common Files\Skype
2010-02-03 01:06 . 2010-02-03 00:34 -------- d-----w- c:\users\Safran\AppData\Roaming\Yahoo!
2010-02-03 00:45 . 2010-02-03 00:44 -------- d-----w- c:\users\Safran\AppData\Roaming\HP
2010-02-03 00:44 . 2010-02-03 00:44 -------- d-----w- c:\programdata\WEBREG
2010-02-03 00:37 . 2010-02-03 00:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-02-02 21:48 . 2010-02-02 21:48 -------- d-----w- c:\users\Safran\AppData\Roaming\Leadertech
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 19:51 . 2010-01-22 19:51 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-08 03:18 . 2010-02-10 12:46 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 12:46 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-07 16:07 . 2010-02-08 16:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2010-02-08 16:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 09:02 . 2010-02-03 03:03 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 12:46 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 12:46 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 12:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 12:46 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 12:46 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 12:46 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 12:46 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 12:46 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-05 345392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

R2 BrowserQuest Service;BrowserQuest Service;c:\programdata\BrowserQuest\browserquest119.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-10-16 1183232]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 13:24 488224 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 14:45]

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84AF21F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x6353694d
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\svchost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-03-11 21:26:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-11 21:26

Pre-Run: 48,352,051,200 bytes free
Post-Run: 48,439,201,792 bytes free

- - End Of File - - E37726EA0B37CCF8653BB024108034B6
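The log above carries several indicators a responder would flag on a first read: svchost.exe living directly in c:\windows instead of system32 (deleted, yet still listed under running processes), the UAC policy values set to 0, a service whose binary is missing ("[x]"), and the MBR rootkit detector reporting hooks. As an added example (not part of the original post and not ComboFix's own code), the script below parses ComboFix-style log lines and raises those four findings; the sample text is a constructed excerpt mirroring lines from this thread, and the legitimate svchost directories are an assumption for 32-bit and 64-bit Windows.

```python
import re
from dataclasses import dataclass

# Constructed excerpt that mirrors lines from the thread's ComboFix log.
SAMPLE_LOG = r"""
c:\windows\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
R2 BrowserQuest Service;BrowserQuest Service;c:\programdata\BrowserQuest\browserquest119.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x6353694d
c:\windows\system32\nvvsvc.exe
c:\windows\svchost.exe
"""

# Assumption: the only directories a genuine svchost.exe is loaded from.
LEGIT_SVCHOST_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")

# Policy values under ...\policies\system that weaken or disable UAC.
UAC_WEAK_VALUES = {"enablelua": 0, "consentpromptbehavioradmin": 0}

SVCHOST_RE = re.compile(r'(?P<path>[a-z]:\\[^\[\]"]*?\\svchost\.exe)', re.I)
SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.I)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-f]+\)$', re.I)
# ComboFix service line: "<start> <name>;<display>;<path> [<date size> | x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    category: str
    detail: str


def is_masquerading_svchost(path: str) -> bool:
    """True when a file named svchost.exe sits outside the directories Windows uses for it."""
    p = path.lower()
    if not p.endswith("\\svchost.exe"):
        return False
    directory = p.rsplit("\\", 1)[0]
    return directory not in LEGIT_SVCHOST_DIRS


def parse_service(line: str):
    """Split a ComboFix service line into (start type, name, path, info), or None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    return m["start"], m["name"], m["path"], m["info"]


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the indicators described in the lead-in."""
    findings: list[Finding] = []
    section = ""  # lower-cased registry key of the current [HKEY_...] block
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m["key"].lower()
            continue
        # 1. svchost.exe referenced from a non-standard directory.
        if (m := SVCHOST_RE.search(line)) and is_masquerading_svchost(m["path"]):
            findings.append(Finding(n, "svchost-masquerade", m["path"]))
        # 2. UAC policy values that turn prompting off.
        if section.endswith("policies\\system") and (m := POLICY_RE.match(line)):
            name = m["name"].lower()
            if name in UAC_WEAK_VALUES and int(m["value"]) == UAC_WEAK_VALUES[name]:
                findings.append(Finding(n, "uac-weakened", line))
        # 3. Service whose binary ComboFix could not find ("[x]").
        if svc := parse_service(line):
            _start, name, path, info = svc
            if info == "x":
                findings.append(Finding(n, "service-missing-binary", f"{name} -> {path}"))
        # 4. Gmer's MBR detector reporting hooks.
        if line.lower().startswith("detected mbr rootkit hooks"):
            findings.append(Finding(n, "mbr-hooks", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.category:<24} {f.detail}")
```

Each finding is a prompt for a closer look, not a verdict; the same svchost.exe path appearing under both "Other Deletions" and "Other Running Processes" is exactly the kind of inconsistency the helper will want the follow-up scans to resolve.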

#2
Elise
Emsisoft Research, Expert, 3,389 posts

Hello, and welcome! :) My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.
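
As an added example (not part of Elise's instructions or of OTL itself), here is a small Python triage pass over OTL log lines of the kind requested above; it flags the entries a helper reads first: services whose file is gone, drivers with no company name, hosts entries other than localhost, BHOs with no name or CLSID value, and Run keys pointing at missing files or Temp folders. The sample lines are copied from the OTL log posted later in this thread, except the example.invalid hosts line, which is constructed so the hosts check has something to flag.

```python
"""Triage pass over OTL log lines.  Added example: not OTL's own code and not
part of the thread's instructions.  Sample lines come from the OTL log posted
in this thread, except the example.invalid hosts line (constructed)."""
import re

# PRC/MOD/SRV/DRV line with a file: [date | size | attrs | M] (Company) [state] -- path -- (name)
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| [^|\]]+ \| \w\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\))?$"
)
# SRV/DRV line whose binary is gone: "File not found [state] -- -- (name)"
MISSING_ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]+)\] -- -- \((?P<name>[^)]+)\)$"
)
HOSTS_ENTRY = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
BHO_ENTRY = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.+)$")
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<rest>.+)$")
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_file_entry(line):
    """Split a PRC/MOD/SRV/DRV line into fields; None if the line is something else."""
    m = FILE_ENTRY.match(line)
    if m:
        rec = m.groupdict()
        rec["company"] = rec["company"].strip()          # OTL prints "()" when version info has no company
        rec["size"] = int(rec["size"].replace(",", ""))  # "000,691,696" -> 691696
        rec["missing"] = False
        return rec
    m = MISSING_ENTRY.match(line)
    if m:
        rec = m.groupdict()
        rec.update(date=None, size=None, company="", path=None, missing=True)
        return rec
    return None


def triage(lines):
    """Return (reason, line) for every entry a helper would want to look at first."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        rec = parse_file_entry(line)
        if rec is not None:
            if rec["missing"]:
                findings.append(("service registered for a file that no longer exists", line))
            elif not rec["company"]:
                findings.append(("no company name in version info (unsigned or stripped); review", line))
            elif TEMP_DIR.search(rec["path"]):
                findings.append(("process, service or driver loaded from a Temp folder", line))
            continue
        m = HOSTS_ENTRY.match(line)
        if m:
            if m.group("host").lower() != "localhost":
                findings.append(("hosts file maps a name other than localhost", line))
            continue
        m = BHO_ENTRY.match(line)
        if m:
            if m.group("name") == "no name" or m.group("rest").startswith("No CLSID value found"):
                findings.append(("BHO registered without a name or CLSID value (orphan)", line))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("File not found"):
                findings.append(("Run key points at a file that no longer exists", line))
            elif TEMP_DIR.search(rest):
                findings.append(("Run key launches a program from a Temp folder", line))
    return findings


# Lines from the OTL log in this thread; the example.invalid hosts line is constructed.
SAMPLE_LOG = r"""
PRC - [2010/03/18 15:06:02 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\Safran\Desktop\OTL.exe
SRV - File not found [Auto | Stopped] -- -- (BrowserQuest Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
DRV - [2010/03/07 00:29:02 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 example.invalid
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKU\Safran-PC_Sanya..\Run: [QuickTime Task] C:\Users\Sanya\AppData\Local\Temp\QTTask.exe File not found
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
""".strip().splitlines()

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```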

#3
saf99

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi there Elise, thanks so much for your help.

I've run the OTL scan and below are the results:

OTL.Txt

OTL logfile created on: 3/18/2010 3:07:58 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\Safran\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.62 Gb Total Space | 38.14 Gb Free Space | 39.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 69.81 Mb Free Space | 69.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 55.66 Gb Total Space | 22.20 Gb Free Space | 39.88% Space Free | Partition Type: NTFS

Computer Name: SAFRAN-PC
Current User Name: Safran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/18 15:06:02 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\Safran\Desktop\OTL.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/09 03:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/30 11:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/21 18:25:15 | 001,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/05/21 18:25:15 | 000,448,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe


========== Modules (SafeList) ==========

MOD - [2010/03/18 15:06:02 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\Safran\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 01:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (BrowserQuest Service)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/07 00:29:02 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/11/09 03:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/04 02:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2009/10/16 07:24:58 | 001,183,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009/10/07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009/10/07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/23 01:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/09/23 01:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/23 01:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/23 01:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/09 01:14:21 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 A6 4B D0 0F AC CA 01 [binary data]
IE - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Safran-PC_Guest\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\Safran-PC_Guest\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\Safran-PC_Guest\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 D3 BA DD 1B B3 CA 01 [binary data]
IE - HKU\Safran-PC_Guest\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Safran-PC_Sanya\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Safran-PC_Sanya\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\Safran-PC_Sanya\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\Safran-PC_Sanya\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 58 D8 99 31 AB CA 01 [binary data]
IE - HKU\Safran-PC_Sanya\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/12 23:32:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/17 02:46:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/03/11 21:22:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\Safran-PC_Sanya\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-1823437180-114209430-2017350500-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Safran-PC_Sanya..\Run: [QuickTime Task] C:\Users\Sanya\AppData\Local\Temp\QTTask.exe File not found
O4 - HKU\Safran-PC_Sanya..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1823437180-114209430-2017350500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Safran-PC_Guest\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Safran-PC_Sanya\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ae6e634a-107b-11df-b427-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ae6e634a-107b-11df-b427-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/18 15:05:55 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Users\Safran\Desktop\OTL.exe
[2010/03/17 11:24:15 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2010/03/17 11:24:15 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2010/03/17 11:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Win 32.Malware.Jeefo Removal Tool[2]
[2010/03/17 02:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/03/17 02:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/17 02:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/03/17 00:01:08 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/03/17 00:01:08 | 000,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/03/17 00:01:07 | 000,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/03/17 00:01:07 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/03/17 00:01:04 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/03/17 00:00:50 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Roaming\PC Tools
[2010/03/17 00:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/03/17 00:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/16 23:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2010/03/16 23:39:33 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Local\Threat Expert
[2010/03/16 23:35:13 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/03/16 23:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/16 19:16:24 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/16 19:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/03/16 17:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/03/16 17:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/03/16 17:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/03/16 17:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/03/16 17:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/03/16 16:03:56 | 000,000,000 | R--D | C] -- C:\Users\Safran\Documents\New Briefcase
[2010/03/12 23:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/03/12 23:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/03/11 21:25:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/11 21:20:54 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Local\temp
[2010/03/11 21:13:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/11 21:13:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/11 21:13:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/11 21:13:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/11 21:09:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/11 21:08:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/07 17:20:17 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Local\Microsoft Games
[2010/03/07 16:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2010/03/07 00:58:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010/03/07 00:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2010/03/07 00:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010/03/07 00:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/03/07 00:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/03/06 23:17:51 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Roaming\DAEMON Tools Lite
[2010/03/06 23:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/03/06 20:42:44 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Roaming\DAEMON Tools Pro
[2010/03/06 20:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010/03/05 18:50:18 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010/03/05 18:50:17 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010/03/05 18:50:17 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010/03/05 18:50:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010/03/05 18:50:16 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/03/05 18:50:16 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/03/05 18:50:16 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/03/05 18:50:16 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/03/05 18:50:15 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/03/05 18:50:15 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/03/05 18:50:15 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/03/05 18:50:15 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/03/05 18:50:15 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/03/05 18:50:15 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/03/05 18:50:15 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/03/05 18:50:15 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/03/05 18:50:15 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/03/05 18:50:15 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/03/05 18:50:15 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/03/05 18:50:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/03/05 18:50:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/03/05 18:50:14 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/03/05 18:50:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/03/05 18:50:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/03/05 18:50:14 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/03/05 18:50:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/03/05 18:50:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/03/05 18:50:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/03/05 18:50:13 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010/03/05 18:50:13 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/03/05 18:50:13 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010/03/05 18:50:13 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010/03/05 18:50:13 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010/03/05 18:50:13 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/03/05 18:50:13 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010/03/05 18:50:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/03/05 18:50:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010/03/05 18:50:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010/03/05 18:50:13 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010/03/05 18:50:13 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010/03/05 18:50:13 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010/03/05 18:50:12 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/03/05 18:50:12 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010/03/05 18:50:12 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010/03/05 18:50:12 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010/03/05 18:50:12 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010/03/05 18:50:12 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010/03/05 18:50:12 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010/03/05 18:50:11 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/03/05 18:50:11 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/03/05 18:50:11 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/03/05 18:50:11 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010/03/05 18:50:11 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010/03/05 18:50:11 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010/03/05 18:50:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010/03/05 18:50:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010/03/05 18:50:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010/03/05 18:50:11 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010/03/05 18:50:11 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010/03/05 18:50:11 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010/03/05 18:50:11 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010/03/05 18:50:11 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010/03/05 18:50:10 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010/03/05 18:50:10 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010/03/05 18:50:10 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010/03/05 18:50:10 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010/03/05 18:50:10 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010/03/05 18:50:10 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010/03/05 18:50:09 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010/03/05 18:50:09 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010/03/05 18:50:09 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010/03/05 18:50:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010/03/05 18:50:09 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010/03/05 18:50:06 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010/03/05 18:50:06 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010/03/05 18:50:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010/03/05 18:50:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010/03/05 18:50:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010/03/05 18:50:05 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010/03/05 18:50:05 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010/03/05 18:50:05 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010/03/05 18:47:03 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/03/05 18:46:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010/03/04 11:57:23 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Local\Nero
[2010/03/04 11:53:21 | 000,000,000 | ---D | C] -- C:\Users\Safran\Desktop\Extras
[2010/03/04 11:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2010/03/04 01:19:40 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/03/01 20:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/01 20:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/01 20:22:57 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/01 20:22:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/01 20:22:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/01 20:22:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/01 20:02:36 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RichTx32.ocx
[2010/03/01 20:02:36 | 000,124,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSWinSck.ocx
[2010/03/01 20:02:33 | 001,753,088 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExGrid.dll
[2010/03/01 20:02:33 | 000,614,400 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExButton.dll
[2010/03/01 20:02:33 | 000,602,112 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExMenu.dll
[2010/03/01 20:02:33 | 000,516,096 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExTab.dll
[2010/03/01 20:02:33 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\System32\eSellerateEngine.dll
[2010/03/01 20:02:33 | 000,307,200 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExPMenu.dll
[2010/03/01 20:02:33 | 000,118,784 | ---- | C] (eSellerate Inc.) -- C:\Windows\System32\eWebControl.dll
[2010/03/01 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010/03/01 20:02:32 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.004
[2010/03/01 20:02:32 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbar332.dll
[2010/03/01 20:02:32 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.005
[2010/03/01 20:02:32 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002
[2010/03/01 20:02:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2010/03/01 20:02:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.003
[2010/03/01 20:02:31 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2010/03/01 20:02:31 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2010/03/01 20:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\AnswersThatWork
[2010/03/01 18:38:17 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Roaming\Nero
[2010/03/01 18:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/03/01 18:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/02/24 20:32:06 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/02/24 20:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/02/24 20:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/02/24 19:54:09 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Roaming\WinRAR
[2010/02/24 19:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/02/24 12:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/02/24 12:55:20 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Roaming\uTorrent
[2010/02/23 20:57:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 20:57:29 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/02/23 20:57:29 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/02/23 20:57:29 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/02/23 20:57:29 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/02/23 20:57:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/22 23:32:04 | 000,000,000 | ---D | C] -- C:\Users\Safran\Documents\SightSpeed Recordings
[2010/02/22 20:58:13 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Roaming\AVS4YOU
[2010/02/22 20:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/02/22 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/02/22 20:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/02/22 20:57:14 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
[2010/02/22 20:57:14 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2010/02/22 20:57:13 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010/02/22 20:57:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010/02/22 20:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/02/22 20:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/02/22 20:03:43 | 000,000,000 | ---D | C] -- C:\Users\Safran\Documents\Clone2Go DVD Ripper
[2010/02/22 20:03:36 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Roaming\Clone2Go DVD Ripper
[2010/02/22 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Clone2Go DVD Ripper
[2010/02/21 03:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/20 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\Safran\Documents\Scanned Documents
[2010/02/20 16:33:38 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Local\ElevatedDiagnostics
[2010/02/20 01:04:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/19 23:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/02/18 19:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/02/18 19:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/02/18 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/02/18 17:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/02/17 19:10:17 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Roaming\Google
[2010/02/17 19:10:17 | 000,000,000 | ---D | C] -- C:\Users\Safran\AppData\Local\Google
[2010/02/17 14:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/02/17 14:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/02/17 14:07:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010/02/16 23:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/02/16 23:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/02/16 23:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/18 15:10:07 | 001,835,008 | -HS- | M] () -- C:\Users\Safran\ntuser.dat
[2010/03/18 15:06:02 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\Safran\Desktop\OTL.exe
[2010/03/18 14:47:48 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/18 14:47:48 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/18 14:42:05 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/18 14:39:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/18 14:39:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/18 14:39:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/03/18 14:39:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/18 14:39:03 | 1408,688,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/18 00:42:32 | 001,149,836 | -H-- | M] () -- C:\Users\Safran\AppData\Local\IconCache.db
[2010/03/18 00:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/17 11:24:15 | 000,002,283 | ---- | M] () -- C:\Users\Safran\Desktop\Win 32.Malware.Jeefo Removal Tool[2].lnk
[2010/03/17 11:11:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/17 11:11:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/16 21:29:16 | 000,000,513 | ---- | M] () -- C:\Windows\win.ini
[2010/03/16 20:48:56 | 000,109,600 | ---- | M] () -- C:\Users\Safran\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/16 19:19:42 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/16 18:48:08 | 000,031,707 | ---- | M] () -- C:\Users\Safran\Desktop\jangs.docx
[2010/03/16 18:10:20 | 000,000,162 | -H-- | M] () -- C:\Users\Safran\Desktop\~$jangs.docx
[2010/03/16 18:03:50 | 000,410,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/16 17:44:29 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/16 17:44:29 | 000,624,240 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/16 17:44:29 | 000,109,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/13 00:43:48 | 000,197,047 | ---- | M] () -- C:\Windows\hpoins30.dat
[2010/03/13 00:41:50 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/03/13 00:36:59 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/03/13 00:21:37 | 000,019,500 | ---- | M] () -- C:\Windows\hpqins13.dat
[2010/03/12 23:31:30 | 000,001,273 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/03/12 22:12:16 | 000,196,398 | ---- | M] () -- C:\Windows\hpoins30.dat.temp
[2010/03/11 21:23:04 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/11 21:22:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/11 00:01:48 | 000,023,698 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/03/07 00:48:17 | 000,002,054 | ---- | M] () -- C:\Users\Safran\Desktop\Rome - Total War.lnk
[2010/03/07 00:48:10 | 000,000,248 | ---- | M] () -- C:\Windows\RomeTW.ini
[2010/03/07 00:29:02 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/07 00:17:34 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{a9595bc3-297e-11df-a7f4-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/03/07 00:17:34 | 000,065,536 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{a9595bc3-297e-11df-a7f4-001e9071aa2e}.TM.blf
[2010/03/07 00:17:33 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{a9595bc3-297e-11df-a7f4-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/03/05 17:38:15 | 000,000,315 | ---- | M] () -- C:\Users\Safran\AppData\Roaming\default.rss
[2010/03/05 17:38:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/04 11:31:51 | 000,000,042 | ---- | M] () -- C:\Windows\System32\RegistryEasy.lie
[2010/03/01 20:22:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/01 20:22:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/01 18:24:28 | 000,002,654 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/03/01 15:45:42 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/02/25 00:50:35 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{dac47147-219f-11df-944b-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/25 00:50:35 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{dac47147-219f-11df-944b-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/25 00:50:35 | 000,065,536 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{dac47147-219f-11df-944b-001e9071aa2e}.TM.blf
[2010/02/24 19:51:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/24 19:51:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/23 20:53:03 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{54376346-20bd-11df-bfa8-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/23 20:53:03 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{54376346-20bd-11df-bfa8-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/23 20:53:03 | 000,065,536 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{54376346-20bd-11df-bfa8-001e9071aa2e}.TM.blf
[2010/02/21 03:36:44 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{40f77e41-1e98-11df-9308-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/21 03:36:44 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{40f77e41-1e98-11df-9308-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/21 03:36:44 | 000,065,536 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{40f77e41-1e98-11df-9308-001e9071aa2e}.TM.blf
[2010/02/20 19:40:13 | 000,077,620 | ---- | M] () -- C:\Windows\hpqins05.dat
[2010/02/20 18:59:46 | 000,023,113 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/02/20 17:14:05 | 002,529,622 | ---- | M] () -- C:\Users\Safran\AppData\Local\[j0009]-[p08].bmp
[2010/02/20 17:09:56 | 002,529,622 | ---- | M] () -- C:\Users\Safran\AppData\Local\[j0008]-[p10].bmp
[2010/02/20 17:07:04 | 002,529,622 | ---- | M] () -- C:\Users\Safran\AppData\Local\[j0007]-[p10].bmp
[2010/02/18 21:44:59 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{0b01a0c3-1cc4-11df-a461-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/18 21:44:59 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{0b01a0c3-1cc4-11df-a461-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 21:44:59 | 000,065,536 | -HS- | M] () -- C:\Users\Safran\ntuser.dat{0b01a0c3-1cc4-11df-a461-001e9071aa2e}.TM.blf
[2010/02/18 20:30:21 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010/02/18 20:06:23 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid.lnk
[2010/02/18 15:52:43 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\NTUSER.DAT{8b64d964-1ca5-11df-b2e0-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/18 15:52:43 | 000,524,288 | -HS- | M] () -- C:\Users\Safran\NTUSER.DAT{8b64d964-1ca5-11df-b2e0-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 15:52:43 | 000,065,536 | -HS- | M] () -- C:\Users\Safran\NTUSER.DAT{8b64d964-1ca5-11df-b2e0-001e9071aa2e}.TM.blf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/17 11:24:15 | 000,002,283 | ---- | C] () -- C:\Users\Safran\Desktop\Win 32.Malware.Jeefo Removal Tool[2].lnk
[2010/03/17 00:01:08 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/03/17 00:01:07 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/03/17 00:01:07 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/03/17 00:01:04 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/03/16 23:57:46 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/16 23:35:14 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/03/16 18:10:20 | 000,000,162 | -H-- | C] () -- C:\Users\Safran\Desktop\~$jangs.docx
[2010/03/16 18:10:19 | 000,031,707 | ---- | C] () -- C:\Users\Safran\Desktop\jangs.docx
[2010/03/13 00:41:50 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/03/13 00:39:26 | 000,197,047 | ---- | C] () -- C:\Windows\hpoins30.dat
[2010/03/13 00:39:25 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2010/03/13 00:17:23 | 000,019,500 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/03/12 23:31:30 | 000,001,273 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/03/12 23:31:05 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/03/11 21:13:56 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/11 21:13:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/11 21:13:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/11 21:13:56 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/11 21:13:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/07 00:48:17 | 000,002,054 | ---- | C] () -- C:\Users\Safran\Desktop\Rome - Total War.lnk
[2010/03/07 00:48:10 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010/03/07 00:29:02 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/07 00:17:03 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{a9595bc3-297e-11df-a7f4-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/03/07 00:17:03 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{a9595bc3-297e-11df-a7f4-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/03/07 00:17:03 | 000,065,536 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{a9595bc3-297e-11df-a7f4-001e9071aa2e}.TM.blf
[2010/03/04 11:31:51 | 000,000,042 | ---- | C] () -- C:\Windows\System32\RegistryEasy.lie
[2010/03/01 20:46:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/01 18:24:28 | 000,002,654 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/02/24 23:55:32 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{dac47147-219f-11df-944b-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/24 23:55:32 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{dac47147-219f-11df-944b-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/24 23:55:32 | 000,065,536 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{dac47147-219f-11df-944b-001e9071aa2e}.TM.blf
[2010/02/24 19:51:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/02/24 19:51:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/24 12:55:43 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/02/23 20:53:03 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{54376346-20bd-11df-bfa8-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/23 20:53:03 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{54376346-20bd-11df-bfa8-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/23 20:53:03 | 000,065,536 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{54376346-20bd-11df-bfa8-001e9071aa2e}.TM.blf
[2010/02/21 03:22:26 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{40f77e41-1e98-11df-9308-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/21 03:22:26 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{40f77e41-1e98-11df-9308-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/21 03:22:26 | 000,065,536 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{40f77e41-1e98-11df-9308-001e9071aa2e}.TM.blf
[2010/02/20 19:39:07 | 000,077,620 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/20 18:59:12 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/20 17:14:04 | 002,529,622 | ---- | C] () -- C:\Users\Safran\AppData\Local\[j0009]-[p08].bmp
[2010/02/20 17:09:55 | 002,529,622 | ---- | C] () -- C:\Users\Safran\AppData\Local\[j0008]-[p10].bmp
[2010/02/20 17:07:02 | 002,529,622 | ---- | C] () -- C:\Users\Safran\AppData\Local\[j0007]-[p10].bmp
[2010/02/18 20:30:21 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010/02/18 19:33:00 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{0b01a0c3-1cc4-11df-a461-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/18 19:33:00 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{0b01a0c3-1cc4-11df-a461-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 19:33:00 | 000,065,536 | -HS- | C] () -- C:\Users\Safran\ntuser.dat{0b01a0c3-1cc4-11df-a461-001e9071aa2e}.TM.blf
[2010/02/18 15:52:43 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\NTUSER.DAT{8b64d964-1ca5-11df-b2e0-001e9071aa2e}.TMContainer00000000000000000002.regtrans-ms
[2010/02/18 15:52:43 | 000,524,288 | -HS- | C] () -- C:\Users\Safran\NTUSER.DAT{8b64d964-1ca5-11df-b2e0-001e9071aa2e}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 15:52:43 | 000,065,536 | -HS- | C] () -- C:\Users\Safran\NTUSER.DAT{8b64d964-1ca5-11df-b2e0-001e9071aa2e}.TM.blf
[2010/02/17 14:46:01 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/17 14:45:59 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 21:30:07 | 000,000,315 | ---- | C] () -- C:\Users\Safran\AppData\Roaming\default.rss
[2010/02/03 03:09:16 | 000,023,698 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/02/03 01:12:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/03 00:31:25 | 000,039,426 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/10/07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:D2F2F703
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:443E07A5
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Extras.Txt

OTL Extras logfile created on: 3/18/2010 3:07:58 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\Safran\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.62 Gb Total Space | 38.14 Gb Free Space | 39.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 69.81 Mb Free Space | 69.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 55.66 Gb Total Space | 22.20 Gb Free Space | 39.88% Space Free | Partition Type: NTFS

Computer Name: SAFRAN-PC
Current User Name: Safran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{53567be2-d074-4cb1-88d4-5ecb7843d565}" = Nero 9 Trial
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"Clone2Go DVD Ripper_is1" = Clone2Go DVD Ripper 1.8.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDFab 6_is1" = DVDFab 6.2.0.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"Registry Easy_is1" = Registry Easy v5.6
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 7.0
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"uTorrent" = µTorrent
"Win 32.Malware.Jeefo Removal Tool[2]_is1" = Win 32.Malware.Jeefo Removal Tool[2]
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1823437180-114209430-2017350500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"blinkx beat" = blinkx beat

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2010 10:40:14 AM | Computer Name = Safran-PC | Source = ESENT | ID = 486
Description = wlcomm (4196) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: An attempt to move the file "C:\Users\Safran\AppData\Local\Microsoft\Windows
Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edbtmp.log"
to "C:\Users\Safran\AppData\Local\Microsoft\Windows Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edb.log"
failed with system error 5 (0x00000005): "Access is denied. ". The move file operation
will fail with error -1032 (0xfffffbf8).

Error - 3/18/2010 10:40:14 AM | Computer Name = Safran-PC | Source = ESENT | ID = 413
Description = wlcomm (4196) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: Unable to create a new logfile
because the database cannot write to the log drive. The drive may be read-only,
out of disk space, misconfigured, or corrupted. Error -1032.

Error - 3/18/2010 10:40:16 AM | Computer Name = Safran-PC | Source = ESENT | ID = 486
Description = wlcomm (4196) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: An attempt to move the file "C:\Users\Safran\AppData\Local\Microsoft\Windows
Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edbtmp.log"
to "C:\Users\Safran\AppData\Local\Microsoft\Windows Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edb.log"
failed with system error 5 (0x00000005): "Access is denied. ". The move file operation
will fail with error -1032 (0xfffffbf8).

Error - 3/18/2010 10:40:16 AM | Computer Name = Safran-PC | Source = ESENT | ID = 413
Description = wlcomm (4196) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: Unable to create a new logfile
because the database cannot write to the log drive. The drive may be read-only,
out of disk space, misconfigured, or corrupted. Error -1032.

Error - 3/18/2010 10:40:18 AM | Computer Name = Safran-PC | Source = ESENT | ID = 486
Description = wlcomm (4196) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: An attempt to move the file "C:\Users\Safran\AppData\Local\Microsoft\Windows
Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edbtmp.log"
to "C:\Users\Safran\AppData\Local\Microsoft\Windows Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edb.log"
failed with system error 5 (0x00000005): "Access is denied. ". The move file operation
will fail with error -1032 (0xfffffbf8).

Error - 3/18/2010 10:40:18 AM | Computer Name = Safran-PC | Source = ESENT | ID = 413
Description = wlcomm (4196) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: Unable to create a new logfile
because the database cannot write to the log drive. The drive may be read-only,
out of disk space, misconfigured, or corrupted. Error -1032.

Error - 3/18/2010 10:40:28 AM | Computer Name = Safran-PC | Source = ESENT | ID = 486
Description = wlcomm (4900) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: An attempt to move the file "C:\Users\Safran\AppData\Local\Microsoft\Windows
Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edbtmp.log"
to "C:\Users\Safran\AppData\Local\Microsoft\Windows Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edb.log"
failed with system error 5 (0x00000005): "Access is denied. ". The move file operation
will fail with error -1032 (0xfffffbf8).

Error - 3/18/2010 10:40:28 AM | Computer Name = Safran-PC | Source = ESENT | ID = 413
Description = wlcomm (4900) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: Unable to create a new logfile
because the database cannot write to the log drive. The drive may be read-only,
out of disk space, misconfigured, or corrupted. Error -1032.

Error - 3/18/2010 10:40:30 AM | Computer Name = Safran-PC | Source = ESENT | ID = 486
Description = wlcomm (4900) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: An attempt to move the file "C:\Users\Safran\AppData\Local\Microsoft\Windows
Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edbtmp.log"
to "C:\Users\Safran\AppData\Local\Microsoft\Windows Live Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\DBStore\LogFiles\edb.log"
failed with system error 5 (0x00000005): "Access is denied. ". The move file operation
will fail with error -1032 (0xfffffbf8).

Error - 3/18/2010 10:40:30 AM | Computer Name = Safran-PC | Source = ESENT | ID = 413
Description = wlcomm (4900) C:\Users\Safran\AppData\Local\Microsoft\Windows Live
Contacts\{bbebe508-05e7-40ab-86ce-772b8e5afaae}\: Unable to create a new logfile
because the database cannot write to the log drive. The drive may be read-only,
out of disk space, misconfigured, or corrupted. Error -1032.

[ OSession Events ]
Error - 2/20/2010 10:38:12 AM | Computer Name = Safran-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 96 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/20/2010 10:39:44 AM | Computer Name = Safran-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 28 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/20/2010 10:40:54 AM | Computer Name = Safran-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/16/2010 9:43:33 PM | Computer Name = Safran-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/16/2010 9:43:33 PM | Computer Name = Safran-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/16/2010 9:43:33 PM | Computer Name = Safran-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/16/2010 9:45:16 PM | Computer Name = Safran-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1068

Error - 3/16/2010 9:46:44 PM | Computer Name = Safran-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%193

Error - 3/16/2010 9:47:57 PM | Computer Name = Safran-PC | Source = DCOM | ID = 10016
Description =

Error - 3/17/2010 4:06:18 PM | Computer Name = Safran-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%193

Error - 3/17/2010 4:07:25 PM | Computer Name = Safran-PC | Source = DCOM | ID = 10016
Description =

Error - 3/18/2010 10:39:24 AM | Computer Name = Safran-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%193

Error - 3/18/2010 10:40:35 AM | Computer Name = Safran-PC | Source = DCOM | ID = 10016
Description =


< End of report >

#4
saf99

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi again, I downloaded and opened the GMER file; however, the scan did not run automatically, so I booted my computer in safe mode to resolve this, but that did not help. I therefore checked the boxes F:\ and L:\ and clicked the scan button to scan these drives along with my C:\ drive. Also, I did not get any warnings about rootkit activity during the scan and did not get any windows popping up with rootkit warnings.

I am quite sure that the scan did finish completely, as I was able to save the report and the start scan button was highlighted again...

The gmer.log is pasted below:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 15:56:13
Windows 6.1.7600
Running: 2swezxrd.exe; Driver: C:\Users\Safran\AppData\Local\Temp\uxryqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x880CBCDE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x880CBED0]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x880CC0D8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x880CB984]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82422AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82422104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824223F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8240B2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8240A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824221DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82422958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824226F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82422F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824231A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8203D8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8205D3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14A3 82064770 8 Bytes [DE, BC, 0C, 88, D0, BE, 0C, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 14DB 820647A8 4 Bytes [D8, C0, 0C, 88] {FADD ST, ST(0); OR AL, 0x88}
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82064BFC 4 Bytes [84, B9, 0C, 88]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747C2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747A5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747A56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747C250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747B8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747B4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747B50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747B51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [747B66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747B82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747B8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747B907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747BE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747B4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x0B 0xEA 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0E 0xCE 0xDC 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x92 0x10 0x44 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC2 0xC0 0xE6 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x92 0x10 0x44 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x0B 0xEA 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0E 0xCE 0xDC 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x92 0x10 0x44 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC2 0xC0 0xE6 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x92 0x10 0x44 0xAE ...

#5
Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Hello saf99,

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.



  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important: before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy and paste the following bolded text into the Run box:
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed, reboot the computer.
A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.

In your next reply, please include the following:
  • TDSSkiller report.txt


#6
saf99

    Member

  • Topic Starter
  • Member
  • 30 posts
Not sure if I did the extracting right; I did type that code into the search box, and a log file was created. Here it is below:




16:57:48:919 4584 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
16:57:48:919 4584 ================================================================================
16:57:48:919 4584 SystemInfo:

16:57:48:919 4584 OS Version: 6.1.7600 ServicePack: 0.0
16:57:48:919 4584 Product type: Workstation
16:57:48:919 4584 ComputerName: SAFRAN-PC
16:57:48:929 4584 UserName: Safran
16:57:48:929 4584 Windows directory: C:\Windows
16:57:48:929 4584 Processor architecture: Intel x86
16:57:48:929 4584 Number of processors: 2
16:57:48:929 4584 Page size: 0x1000
16:57:48:929 4584 Boot type: Normal boot
16:57:48:929 4584 ================================================================================
16:57:48:939 4584 UnloadDriverW: NtUnloadDriver error 2
16:57:48:939 4584 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:57:49:099 4584 wfopen_ex: Trying to open file C:\Windows\system32\config\system
16:57:49:099 4584 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:57:49:099 4584 wfopen_ex: Trying to KLMD file open
16:57:49:099 4584 wfopen_ex: File opened ok (Flags 2)
16:57:49:119 4584 wfopen_ex: Trying to open file C:\Windows\system32\config\software
16:57:49:119 4584 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:57:49:119 4584 wfopen_ex: Trying to KLMD file open
16:57:49:119 4584 wfopen_ex: File opened ok (Flags 2)
16:57:49:139 4584 Initialize success
16:57:49:139 4584
16:57:49:139 4584 Scanning Services ...
16:57:50:209 4584 GetAdvancedServicesInfo: Raw services enum returned 475 services
16:57:50:219 4584
16:57:50:219 4584 Scanning Kernel memory ...
16:57:50:219 4584 Devices to scan: 1
16:57:50:219 4584
16:57:50:219 4584 Driver Name: atapi
16:57:50:219 4584 IRP_MJ_CREATE : 84AF21F8
16:57:50:219 4584 IRP_MJ_CREATE_NAMED_PIPE : 82CC2359
16:57:50:219 4584 IRP_MJ_CLOSE : 84AF21F8
16:57:50:219 4584 IRP_MJ_READ : 82CC2359
16:57:50:219 4584 IRP_MJ_WRITE : 82CC2359
16:57:50:219 4584 IRP_MJ_QUERY_INFORMATION : 82CC2359
16:57:50:219 4584 IRP_MJ_SET_INFORMATION : 82CC2359
16:57:50:219 4584 IRP_MJ_QUERY_EA : 82CC2359
16:57:50:219 4584 IRP_MJ_SET_EA : 82CC2359
16:57:50:219 4584 IRP_MJ_FLUSH_BUFFERS : 82CC2359
16:57:50:219 4584 IRP_MJ_QUERY_VOLUME_INFORMATION : 82CC2359
16:57:50:219 4584 IRP_MJ_SET_VOLUME_INFORMATION : 82CC2359
16:57:50:219 4584 IRP_MJ_DIRECTORY_CONTROL : 82CC2359
16:57:50:219 4584 IRP_MJ_FILE_SYSTEM_CONTROL : 82CC2359
16:57:50:219 4584 IRP_MJ_DEVICE_CONTROL : 84AF21F8
16:57:50:219 4584 IRP_MJ_INTERNAL_DEVICE_CONTROL : 84AF21F8
16:57:50:219 4584 IRP_MJ_SHUTDOWN : 82CC2359
16:57:50:219 4584 IRP_MJ_LOCK_CONTROL : 82CC2359
16:57:50:219 4584 IRP_MJ_CLEANUP : 82CC2359
16:57:50:219 4584 IRP_MJ_CREATE_MAILSLOT : 82CC2359
16:57:50:219 4584 IRP_MJ_QUERY_SECURITY : 82CC2359
16:57:50:219 4584 IRP_MJ_SET_SECURITY : 82CC2359
16:57:50:219 4584 IRP_MJ_POWER : 84AF21F8
16:57:50:219 4584 IRP_MJ_SYSTEM_CONTROL : 84AF21F8
16:57:50:219 4584 IRP_MJ_DEVICE_CHANGE : 82CC2359
16:57:50:219 4584 IRP_MJ_QUERY_QUOTA : 82CC2359
16:57:50:219 4584 IRP_MJ_SET_QUOTA : 82CC2359
16:57:50:229 4584 C:\Windows\system32\DRIVERS\atapi.sys - Verdict: 1
16:57:50:229 4584
16:57:50:229 4584 Completed
16:57:50:229 4584
16:57:50:229 4584 Results:
16:57:50:229 4584 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
16:57:50:229 4584 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:57:50:229 4584 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:57:50:229 4584
16:57:50:229 4584 fclose_ex: Trying to close file C:\Windows\system32\config\system
16:57:50:229 4584 fclose_ex: Trying to close file C:\Windows\system32\config\software
16:57:50:249 4584 KLMD(ARK) unloaded successfully

#7
Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Hello saf99,

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Bleepingcomputer
  • ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt


#8
saf99

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi, I've run ComboFix; below is the ComboFix log. By the way, I forgot to mention before my first reply that my computer is infected by the JEEFO virus, as it was detected by my spyware...




ComboFix 10-03-17.07 - Safran 18/03/2010 17:44:12.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1791.1061 [GMT 0:00]
Running from: c:\users\Safran\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\eSellerateEngine.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-18 17:55 . 2010-03-18 17:57 -------- d-----w- c:\users\Safran\AppData\Local\temp
2010-03-18 17:55 . 2010-03-18 17:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-18 17:55 . 2010-03-18 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-18 17:54 . 2010-03-18 17:54 -------- d-----w- c:\users\Sanya\AppData\Local\temp
2010-03-18 17:54 . 2010-03-18 17:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-03-17 11:24 . 2010-01-26 14:01 81920 ----a-w- c:\windows\eSellerateControl350.dll
2010-03-17 11:24 . 2010-03-17 20:00 -------- d-----w- c:\program files\Win 32.Malware.Jeefo Removal Tool[2]
2010-03-17 02:41 . 2010-03-17 02:41 -------- d-----w- c:\program files\Common Files\McAfee
2010-03-17 02:41 . 2010-03-17 20:06 -------- d-----w- c:\program files\McAfee
2010-03-17 02:41 . 2010-03-17 02:41 -------- d-----w- c:\programdata\McAfee
2010-03-17 00:01 . 2009-10-30 11:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-17 00:01 . 2009-10-30 11:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-03-17 00:01 . 2009-11-09 11:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-17 00:01 . 2009-10-06 16:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-17 00:01 . 2009-09-03 09:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-17 00:00 . 2010-03-17 00:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-17 00:00 . 2010-03-17 00:00 -------- d-----w- c:\users\Safran\AppData\Roaming\PC Tools
2010-03-17 00:00 . 2010-03-17 00:00 -------- d-----w- c:\programdata\PC Tools
2010-03-16 23:57 . 2010-03-16 23:57 -------- d-----w- c:\programdata\Google Updater
2010-03-16 23:39 . 2010-03-16 23:39 -------- d-----w- c:\users\Safran\AppData\Local\Threat Expert
2010-03-16 23:31 . 2010-03-18 17:41 -------- d-----w- c:\program files\Spyware Doctor
2010-03-16 19:16 . 2010-03-16 21:48 -------- d-----w- c:\programdata\Avira
2010-03-16 19:16 . 2010-03-16 19:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-16 17:57 . 2010-03-16 21:30 -------- d-----w- c:\program files\Microsoft Works
2010-03-16 17:56 . 2010-03-16 17:56 -------- d-----w- c:\program files\Microsoft.NET
2010-03-16 17:54 . 2010-03-16 17:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-16 17:23 . 2010-03-16 17:23 -------- d-----w- c:\users\Guest\Office Genuine Advantage
2010-03-16 16:47 . 2010-03-16 16:47 -------- d-----w- c:\users\Guest\AppData\Roaming\Yahoo!
2010-03-13 00:39 . 2010-03-13 00:43 197047 ----a-w- c:\windows\hpoins30.dat
2010-03-13 00:39 . 2009-10-08 01:29 587 ------w- c:\windows\hpomdl30.dat
2010-03-13 00:17 . 2010-03-13 00:21 19500 ----a-w- c:\windows\hpqins13.dat
2010-03-12 23:32 . 2010-03-12 23:32 -------- d-----w- c:\program files\Yahoo!
2010-03-12 23:31 . 2010-03-12 23:31 -------- d-----w- c:\programdata\HP Product Assistant
2010-03-07 17:20 . 2010-03-07 17:20 -------- d-----w- c:\users\Safran\AppData\Local\Microsoft Games
2010-03-07 16:30 . 2010-03-07 16:30 -------- d-----w- c:\programdata\HPSSUPPLY
2010-03-07 00:50 . 2010-03-07 00:50 -------- d-----w- c:\program files\InstallShield Installation Information
2010-03-07 00:41 . 2010-03-07 00:41 -------- d-----w- c:\program files\Activision
2010-03-07 00:37 . 2010-03-07 00:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-07 00:29 . 2010-03-07 00:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-07 00:28 . 2010-03-17 11:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-06 23:17 . 2010-03-07 00:36 -------- d-----w- c:\users\Safran\AppData\Roaming\DAEMON Tools Lite
2010-03-06 23:17 . 2010-03-07 00:27 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-06 20:42 . 2010-03-06 23:44 -------- d-----w- c:\users\Safran\AppData\Roaming\DAEMON Tools Pro
2010-03-06 20:42 . 2010-03-06 23:41 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-03-05 18:47 . 2010-03-05 18:49 -------- d--h--w- c:\windows\msdownld.tmp
2010-03-04 22:15 . 2010-03-04 22:27 -------- d-----w- c:\users\Sanya\AppData\Roaming\Skype
2010-03-04 11:57 . 2010-03-04 11:57 -------- d-----w- c:\users\Safran\AppData\Local\Nero
2010-03-04 11:27 . 2010-03-17 11:12 -------- d-----w- c:\program files\Registry Easy
2010-03-04 01:19 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-01 20:27 . 2010-03-01 20:27 -------- d-----w- c:\program files\Common Files\Java
2010-03-01 20:22 . 2010-03-01 20:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-01 20:02 . 2010-03-01 20:02 -------- d-----w- c:\program files\Common Files\eSellerate
2010-03-01 20:02 . 2007-06-08 13:53 1753088 ----a-w- c:\windows\system32\ExGrid.dll
2010-03-01 20:02 . 2007-06-05 10:20 602112 ----a-w- c:\windows\system32\ExMenu.dll
2010-03-01 20:02 . 2007-06-05 10:19 516096 ----a-w- c:\windows\system32\ExTab.dll
2010-03-01 20:02 . 2007-04-03 16:51 614400 ----a-w- c:\windows\system32\ExButton.dll
2010-03-01 20:02 . 2007-04-03 16:51 307200 ----a-w- c:\windows\system32\ExPMenu.dll
2010-03-01 20:02 . 2005-10-11 14:40 356352 ----a-w- c:\windows\system32\eSellerateEngine.dll
2010-03-01 20:02 . 2005-10-04 08:11 118784 ----a-w- c:\windows\system32\eWebControl.dll
2010-03-01 20:02 . 1998-04-24 00:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-03-01 20:02 . 2010-03-01 20:02 -------- d-----w- c:\program files\AnswersThatWork
2010-03-01 18:38 . 2010-03-01 18:38 -------- d-----w- c:\users\Safran\AppData\Roaming\Nero
2010-03-01 18:24 . 2010-03-01 18:30 -------- d-----w- c:\program files\Nero
2010-03-01 18:23 . 2010-03-01 18:31 -------- d-----w- c:\program files\Common Files\Nero
2010-02-28 15:33 . 2010-02-28 15:33 109600 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 15:31 . 2010-02-28 15:31 -------- d-----w- c:\users\Guest\AppData\Local\LogiShrd
2010-02-24 20:32 . 2010-02-24 20:57 -------- d-----w- C:\$AVG
2010-02-24 20:31 . 2010-02-25 07:51 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-02-24 20:31 . 2010-02-25 07:51 -------- d-----w- c:\programdata\avg9
2010-02-24 12:55 . 2010-03-17 11:12 -------- d-----w- c:\program files\uTorrent
2010-02-24 12:55 . 2010-03-09 22:36 -------- d-----w- c:\users\Safran\AppData\Roaming\uTorrent
2010-02-23 20:57 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-23 20:57 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-23 20:57 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-23 20:57 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-22 20:58 . 2010-02-22 20:58 -------- d-----w- c:\users\Safran\AppData\Roaming\AVS4YOU
2010-02-22 20:58 . 2010-02-22 20:58 -------- d-----w- c:\programdata\AVS4YOU
2010-02-22 20:57 . 2010-02-25 07:49 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-22 20:57 . 2008-08-13 11:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-02-22 20:57 . 2008-08-13 11:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-02-22 20:57 . 2010-03-17 11:16 -------- d-----w- c:\program files\AVS4YOU
2010-02-22 20:57 . 2008-08-13 11:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-02-22 20:57 . 2008-08-13 11:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-22 20:03 . 2010-02-22 20:03 -------- d-----w- c:\users\Safran\AppData\Roaming\Clone2Go DVD Ripper
2010-02-22 20:03 . 2010-03-17 11:16 -------- d-----w- c:\program files\Clone2Go DVD Ripper
2010-02-21 17:37 . 2010-02-21 17:37 -------- d-----w- c:\users\Guest\AppData\Roaming\HP
2010-02-21 03:08 . 2010-02-21 03:08 -------- d-----w- c:\program files\AVG
2010-02-20 19:39 . 2010-02-20 19:40 77620 ----a-w- c:\windows\hpqins05.dat
2010-02-20 18:59 . 2010-02-20 18:59 23113 ----a-w- c:\windows\hpqins15.dat
2010-02-20 16:33 . 2010-02-21 03:36 -------- d-----w- c:\users\Safran\AppData\Local\ElevatedDiagnostics
2010-02-20 01:04 . 2010-03-04 12:15 -------- d-----w- c:\windows\Sun
2010-02-19 23:58 . 2010-02-21 11:20 -------- d-----w- c:\program files\MSECache
2010-02-18 19:38 . 2010-02-18 19:39 -------- d-----w- c:\programdata\Norton
2010-02-18 19:38 . 2010-02-18 19:38 -------- d-----w- c:\programdata\Symantec
2010-02-18 19:38 . 2010-02-18 19:38 -------- d-----w- c:\programdata\NortonInstaller
2010-02-18 17:20 . 2010-02-18 17:20 -------- d-----w- c:\programdata\Alwil Software
2010-02-18 14:53 . 2010-02-18 14:55 -------- d-----w- c:\users\Sanya\AppData\Local\Apple Computer
2010-02-18 14:53 . 2010-02-18 14:54 -------- d-----w- c:\users\Sanya\AppData\Roaming\Apple Computer
2010-02-17 19:10 . 2010-02-18 16:54 -------- d-----w- c:\users\Safran\AppData\Local\Google
2010-02-17 14:40 . 2010-02-17 22:22 -------- d-----w- c:\users\Sanya\AppData\Local\Google
2010-02-17 14:40 . 2010-03-16 23:57 -------- d-----w- c:\program files\Google
2010-02-17 14:07 . 2010-02-25 07:50 -------- d-----w- c:\windows\system32\Adobe
2010-02-16 23:36 . 2010-03-07 08:15 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-02-16 23:36 . 2010-02-16 23:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-16 23:36 . 2010-02-25 07:49 -------- d-----w- c:\program files\Windows Live
2010-02-16 21:09 . 2010-02-16 21:09 -------- d-----w- c:\users\Sanya\AppData\Local\Yahoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 17:56 . 2010-02-02 20:44 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-18 17:37 . 2010-02-03 01:09 -------- d-----w- c:\users\Safran\AppData\Roaming\Skype
2010-03-17 11:17 . 2010-02-03 03:43 -------- d-----w- c:\program files\Apple Software Update
2010-03-17 11:16 . 2010-02-06 18:53 -------- d-----w- c:\program files\Blinkx
2010-03-17 11:16 . 2010-02-09 00:57 -------- d-----w- c:\program files\CCleaner
2010-03-17 11:15 . 2010-02-03 13:37 -------- d-----w- c:\program files\Common Files\LightScribe
2010-03-17 11:15 . 2010-02-03 03:49 -------- d-----w- c:\program files\DivX
2010-03-17 11:14 . 2010-02-06 19:19 -------- d-----w- c:\program files\DVDFab 6
2010-03-17 11:14 . 2010-02-12 16:08 -------- d-----w- c:\program files\iTunes
2010-03-17 11:14 . 2010-02-06 19:49 -------- d-----w- c:\program files\MagicISO
2010-03-17 11:14 . 2010-02-08 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 11:13 . 2010-02-14 19:32 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-03-17 11:13 . 2010-02-14 19:31 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-03-17 11:13 . 2010-02-04 15:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-17 11:13 . 2010-02-06 19:51 -------- d-----w- c:\program files\PowerISO
2010-03-17 11:12 . 2010-02-03 03:43 -------- d-----w- c:\program files\QuickTime
2010-03-17 03:07 . 2010-02-03 23:57 -------- d-----w- c:\programdata\Microsoft Help
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 22:42 . 2010-02-17 14:40 509552 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb63A.tmp.exe
2010-03-16 20:48 . 2010-02-02 23:45 109600 ----a-w- c:\users\Safran\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-16 17:57 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-03-16 17:39 . 2010-02-03 00:50 -------- d-----w- c:\program files\Microsoft
2010-03-13 00:01 . 2010-02-03 00:34 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-12 23:31 . 2010-02-03 00:31 -------- d-----w- c:\programdata\HP
2010-03-12 23:31 . 2010-02-03 00:32 -------- d-----w- c:\program files\HP
2010-03-07 08:15 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-03-07 08:15 . 2010-02-04 01:08 -------- d-----w- c:\program files\PS3 Media Server
2010-03-07 08:15 . 2010-02-03 03:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-07 08:15 . 2010-02-03 03:43 -------- d-----w- c:\program files\Bonjour
2010-03-02 20:08 . 2010-02-03 03:43 -------- d-----w- c:\programdata\Apple Computer
2010-03-01 20:22 . 2010-02-04 01:10 -------- d-----w- c:\program files\Java
2010-03-01 18:25 . 2010-02-03 13:38 -------- d-----w- c:\programdata\Nero
2010-03-01 15:29 . 2010-03-01 15:29 5 ----a-w- c:\windows\system32\YoItzVlad.tmp
2010-02-27 12:48 . 2010-02-13 19:24 109600 ----a-w- c:\users\Sanya\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 07:52 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-02-25 07:52 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-25 07:52 . 2010-02-03 01:09 -------- d-----r- c:\program files\Skype
2010-02-25 07:49 . 2010-02-04 01:50 -------- d-----w- c:\programdata\NOS
2010-02-25 07:49 . 2010-02-03 03:13 -------- d-----w- c:\program files\Windows Virtual PC
2010-02-25 07:49 . 2010-02-03 03:06 -------- d-----w- c:\program files\Windows XP Mode
2010-02-25 07:49 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-02-25 07:49 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-02-25 07:49 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-02-25 07:49 . 2009-07-14 04:52 -------- d-----w- c:\program files\Reference Assemblies
2010-02-24 10:16 . 2010-02-02 20:57 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 04:48 . 2010-02-03 03:44 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-24 04:48 . 2010-02-03 01:08 -------- d-----w- c:\programdata\Skype
2010-02-24 04:48 . 2010-02-03 01:00 -------- d-----w- c:\programdata\Yahoo!
2010-02-24 04:48 . 2010-02-08 16:37 -------- d-----w- c:\programdata\Malwarebytes
2010-02-24 04:48 . 2010-02-02 21:48 -------- d-----w- c:\programdata\LogiShrd
2010-02-24 04:48 . 2010-02-03 03:42 -------- d-----w- c:\programdata\Apple
2010-02-21 11:20 . 2010-02-03 03:09 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-21 11:20 . 2010-02-02 21:48 -------- d-----w- c:\program files\Logitech
2010-02-21 11:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-02-21 11:20 . 2010-02-12 16:08 -------- d-----w- c:\program files\iPod
2010-02-21 11:20 . 2010-02-02 23:47 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-21 11:20 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-02-21 11:20 . 2010-02-09 17:19 -------- d-----w- c:\program files\Common Files\HP
2010-02-21 11:20 . 2010-02-04 01:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-21 11:20 . 2010-02-04 01:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-21 11:20 . 2010-02-03 03:42 -------- d-----w- c:\program files\Common Files\Apple
2010-02-21 11:20 . 2010-02-03 00:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-21 11:20 . 2010-02-02 20:43 -------- d-----w- c:\program files\Common Files\logishrd
2010-02-12 17:28 . 2010-02-12 17:28 -------- d-----w- c:\programdata\NVIDIA
2010-02-12 16:45 . 2010-02-12 16:45 -------- d-----w- c:\users\Safran\AppData\Roaming\Uniblue
2010-02-09 14:14 . 2010-02-09 14:13 1314 ----a-w- C:\cc_20100209_141329.reg
2010-02-08 18:44 . 2010-02-08 18:44 382 ----a-w- C:\KEY.reg
2010-02-08 16:44 . 2010-02-06 18:53 -------- d-----w- c:\programdata\BrowserQuest
2010-02-08 16:37 . 2010-02-08 16:37 -------- d-----w- c:\users\Safran\AppData\Roaming\Malwarebytes
2010-02-06 19:15 . 2010-02-06 18:53 -------- d-----w- c:\program files\BrowserQuest
2010-02-05 21:29 . 2010-02-05 21:29 -------- d-----w- c:\users\Safran\AppData\Roaming\DivX
2010-02-04 10:01 . 2010-03-05 18:50 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 10:01 . 2010-03-05 18:50 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 10:01 . 2010-03-05 18:50 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 10:01 . 2010-03-05 18:50 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-04 02:01 . 2010-02-04 02:01 -------- d-----w- c:\users\Safran\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-04 01:02 . 2010-02-04 01:02 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-04 01:00 . 2010-02-04 01:00 -------- d-----w- c:\users\Sanya\AppData\Roaming\DivX
2010-02-04 01:00 . 2010-02-04 01:00 -------- d-----w- c:\users\Sanya\AppData\Roaming\Nero
2010-02-04 00:41 . 2010-02-04 00:41 -------- d-----w- c:\users\Sanya\AppData\Roaming\Yahoo!
2010-02-04 00:40 . 2010-02-04 00:40 -------- d-----w- c:\program files\MSXML 4.0
2010-02-03 13:56 . 2010-02-03 13:56 -------- d-----w- c:\programdata\LightScribe
2010-02-03 03:49 . 2010-02-03 03:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-03 03:47 . 2010-02-03 03:44 -------- d-----w- c:\users\Safran\AppData\Roaming\Apple Computer
2010-02-03 01:12 . 2010-02-03 01:12 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-03 01:12 . 2010-02-03 01:12 -------- d-----w- c:\users\Safran\AppData\Roaming\skypePM
2010-02-03 01:09 . 2010-02-03 01:09 -------- d-----w- c:\program files\Common Files\Skype
2010-02-03 01:06 . 2010-02-03 00:34 -------- d-----w- c:\users\Safran\AppData\Roaming\Yahoo!
2010-02-03 00:45 . 2010-02-03 00:44 -------- d-----w- c:\users\Safran\AppData\Roaming\HP
2010-02-03 00:44 . 2010-02-03 00:44 -------- d-----w- c:\programdata\WEBREG
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 984000]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

R2 BrowserQuest Service;BrowserQuest Service;c:\programdata\BrowserQuest\browserquest119.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 170992]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-09 207792]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-08 93320]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-10-16 1183232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-16 23:57]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 14:45]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-AVS4YOU Software Navigator_is1 - c:\program files\AVS4YOU\AVSSoftwareNavigator\unins000.exe
AddRemove-AVS4YOU Video Converter 6_is1 - c:\program files\AVS4YOU\AVSVideoConverter6\unins000.exe
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-Clone2Go DVD Ripper_is1 - c:\program files\Clone2Go DVD Ripper\unins000.exe
AddRemove-DivX Plus DirectShow Filters - c:\program files\DivX\DivXDSFiltersUninstall.exe
AddRemove-DVDFab 6_is1 - c:\program files\DVDFab 6\unins000.exe
AddRemove-InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe
AddRemove-Registry Easy_is1 - c:\program files\Registry Easy\unins000.exe
AddRemove-WinLiveSuite_Wave3 - c:\program files\Windows Live\Installer\wlarp.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2532)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-03-18 18:03:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-18 18:03
ComboFix2.txt 2010-03-11 21:26

Pre-Run: 40,792,915,968 bytes free
Post-Run: 47,336,370,176 bytes free

- - End Of File - - 305E61E02B2039B8B6A8350D1D3526FC

#9
Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Hello saf99,

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


I notice the presence of Registry Easy Registry Cleaner on your PC.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.bl...weaking_13.html
http://forums.whatth...ner_t42862.html


INSTALL ANTIVIRUS
---------------------------
I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


In your next reply, please include the following:
  • MBAM log
  • A description of the remaining problems


#10
saf99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I do have an antivirus; it's Spyware Doctor and Antivirus. I had disabled it when running ComboFix and the other programmes before I used ComboFix.

Should I run a scan with Spyware Doctor and Antivirus?

Here is the log for Malwarebytes' Anti-Malware; no infections were found:

Malwarebytes' Anti-Malware 1.44
Database version: 3883
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/03/2010 19:59:05
mbam-log-2010-03-18 (19-59-05).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|L:\|)
Objects scanned: 289479
Time elapsed: 43 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11
saf99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
My computer just froze again... just now...
Previously, when I ran my Spyware Doctor it had detected a JEEFO malware or virus and was not able to completely uninstall it. When I ran the scan again this virus showed up again and still it could not be completely removed... Do you believe that this virus is the culprit for freezing my computer?

At the time of running all these operations from the start of this post, I have not run my antivirus, i.e. Spyware Doctor, so should I run a scan now to tell me whether the virus has been removed by all these operations you have told me to carry out? And if it has, this would mean my computer is freezing because of another reason and not because of a virus....

Let me know....

#12
Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
To be honest, I think this might not be malware related. A beeping sound often means a hardware problem.

It's possible it's something like overheating. Do you see a pattern in the freezes (i.e. after a certain amount of time has passed)? Also, disconnect any external hardware, except for mouse, keyboard and network card/modem, to see if that makes any difference.

Did Spyware Doctor indicate which file was infected with this virus?

#13
saf99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
It only beeps when I am watching films when it freezes; otherwise it just freezes...
Spyware Doctor just said it's in local disc C, roaming/app.data or something like that; can't really remember what it exactly said......

#14
saf99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
The beeping sound comes from the speakers, I think, because when I am watching movies and the speakers are on the sound can be heard coming from them, and when they are off no sound is heard....

#15
Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Since there was indeed a sign of Jeefo, let's concentrate on that for now (this virus infects PE files in Windows, and might have corrupted something).

For the next steps you may need your XP CD.

Click Start > Run, type sfc /scannow in the Run box and press Enter.
Allow the System File Checker to run unhindered and insert the CD when prompted for it.
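A complement to the SFC step above, added here as an example and not part of Elise's instructions or the original thread: SFC repairs protected Windows files, but a file infector rewrites executables wherever it finds them, so it helps to see which PE files under a folder no longer carry a verifiable Authenticode signature. The script below uses the built-in Get-AuthenticodeSignature cmdlet; the default scan path, the report file name and the script name used in the usage note are assumptions, not values from the thread.

```powershell
# Added example (not from the thread or Elise's instructions): report PE files
# under a directory whose Authenticode signature does not verify. A file
# infector rewrites executables in place, which turns a previously valid
# embedded signature into HashMismatch; SFC repairs protected Windows files,
# and this report lists candidates elsewhere as well.
# Assumes Windows PowerShell 2.0 or later. Default paths are illustrative only.
param(
    [string]$Path   = "$env:SystemRoot\System32",
    [string]$Report = "$env:USERPROFILE\Desktop\signature-report.csv"
)

$findings = Get-ChildItem -Path $Path -Recurse -Include *.exe,*.dll,*.sys -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName -ErrorAction SilentlyContinue
        if ($sig -and $sig.Status -ne 'Valid') {
            # Valid        = signature verifies
            # HashMismatch = signed file whose bytes were altered after signing
            # NotSigned    = no embedded signature; common for catalog-signed Windows
            #                files on Windows 7, so not suspicious by itself
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{
                Path          = $file.FullName
                Status        = [string]$sig.Status
                Signer        = $signer
                LastWriteTime = $file.LastWriteTime
                SizeBytes     = $file.Length
            }
        }
    }

$findings | Sort-Object Status, LastWriteTime -Descending |
    Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8

# On-screen summary: look at any HashMismatch entries first.
$findings | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
Write-Host "Full report written to $Report"
```

Save it as, for example, Check-PeSignatures.ps1 and run `.\Check-PeSignatures.ps1 -Path "$env:SystemRoot"` from an elevated PowerShell prompt. Read the result with care: on Windows 7 most system binaries are signed through catalog files rather than an embedded signature, so they are reported as NotSigned and that status alone proves nothing; a HashMismatch entry, by contrast, means a file that once carried a valid signature has been changed since, which is exactly the trace a PE infector leaves and a good candidate to compare against SFC's own findings.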





