Win32/Nuqel.E and BankerFox.A



#1
componthefritz

Yesterday I started getting popups saying my computer's being attacked by Win32/Nuqel.E and BankerFox.A and that I should click on the popup to protect my computer. It's for a fake antivirus software, but I can't get rid of it now.

I can't run anything outside of safe mode besides Firefox. If I try to open anything else I get a prompt that says "Application could not be executed. The file [filename].exe is infected. Do you want to start your antivirus software now?"

I downloaded Malwarebytes Anti-Malware and ran it in safe mode, and some infected files showed up, and I deleted them. But when I restarted Windows normally, the popups were still there, and rerunning MBAM (in safe mode) doesn't turn anything up. Then I tried downloading RKill 4 times (with filename ending in .exe, .com, .scr and .pif) but I can still only run it in safe mode, the malware shuts it down so fast.

I am seriously at my wit's end and at the end of my computer knowledge. I've seen websites that say to delete the registry keys and some other stuff manually but I have no idea how to do that. Any help would be appreciated.

*A friend just told me that I can't run RKill because I downloaded it on the computer that was infected. Would loading it from a flash drive make a difference? Like I said I hardly know anything about computers. Again, I'd be grateful for any help you guys can give me.



****Ok I think I may have fixed it but I'm not sure. I did another quick scan for MBAM in safe mode, and even though I downloaded it the day before I checked for updates, and it turned out that the link I used was to a really out-of-date version. That turned up a few trojans. So then I restarted Windows normally (the popups are gone!!), ran RKill, then did a full scan with MBAM, and nothing turned up. But I'm worried it's just waiting to show up again, so I ran GMER and OTL anyway, and I was hoping someone could tell me if my computer is clean again. I'm too freaked out to go to any websites besides this one, and I'm definitely not going to any where I'd have to enter my passwords.

MBAM and GMER were both run in safe mode, I don't know if that makes any difference. I started running GMER normally, but then it said I had to restart in safe mode.

========================================MBAM================================================
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4423

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18943

8/12/2010 11:33:14 PM
mbam-log-2010-08-12 (23-33-14).txt

Scan type: Quick scan
Objects scanned: 131241
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\naeqxoej (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Devika\AppData\Local\hiiqbhsry\hmotmntshdw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.




=======================================GMER================================================
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-13 11:18:48
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\Devika\AppData\Local\Temp\uwryrpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




=========================================OTL===================================================

OTL logfile created on: 8/13/2010 11:45:26 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Devika\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.52 Gb Total Space | 23.63 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 58.25 Gb Free Space | 78.16% Space Free | Partition Type: NTFS
Drive E: | 8.27 Gb Total Space | 1.28 Gb Free Space | 15.48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEVIKA-PC
Current User Name: Devika
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/13 11:22:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Devika\Downloads\OTL.exe
PRC - [2010/08/12 13:56:42 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Devika\Program Files\DNA\btdna.exe
PRC - [2010/07/06 07:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/17 11:04:43 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/09 06:25:16 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 00:33:28 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2007/04/23 18:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/03/09 10:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Devika\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/08/13 11:22:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Devika\Downloads\OTL.exe
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 00:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 06:25:16 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/23 18:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 18:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/03/29 13:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Disabled | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2007/01/09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/12/09 06:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/08 10:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/02/10 21:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/10 21:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/01/25 00:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/03/12 12:29:46 | 001,747,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/01 05:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/01/12 20:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 00:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 00:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 00:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/17 11:08:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/15 17:48:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/08 21:05:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 22:27:30 | 000,000,000 | ---D | M]

[2009/10/13 01:58:57 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\Mozilla\Extensions
[2010/08/12 12:59:59 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\Mozilla\Firefox\Profiles\r5b7ugzx.default\extensions
[2009/10/13 07:58:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devika\AppData\Roaming\Mozilla\Firefox\Profiles\r5b7ugzx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/08 21:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Redemption] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Devika\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Devika\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\Devika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (Reg Error: Key error.)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Reg Error: Key error.)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.parallelg...in/cortvrml.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto....veX_Control.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://inschool.web...ex/ieatgpc1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.chegg.co...SetupClient.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Devika\Pictures\2009_04_25\IMG_2686.JPG
O24 - Desktop BackupWallPaper: C:\Users\Devika\Pictures\2009_04_25\IMG_2686.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/21 02:05:54 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{33bb6226-0f0c-11dd-a1e1-001b24c7117b}\Shell - "" = AutoRun
O33 - MountPoints2\{33bb6226-0f0c-11dd-a1e1-001b24c7117b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b96c7a56-f520-11dc-90cf-001b24c7117b}\Shell - "" = AutoRun
O33 - MountPoints2\{b96c7a56-f520-11dc-90cf-001b24c7117b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d58181ac-5c15-11de-a694-001b24c7117b}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{e261fa3f-fdbf-11dc-a8a4-001b24c7117b}\Shell - "" = AutoRun
O33 - MountPoints2\{e261fa3f-fdbf-11dc-a8a4-001b24c7117b}\Shell\AutoRun\command - "" = I:\ONSPCLCK.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/13 11:12:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/12 23:23:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/12 23:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/12 21:36:08 | 000,000,000 | ---D | C] -- C:\Users\Devika\Desktop\tdsskiller
[2010/08/12 10:54:40 | 000,000,000 | ---D | C] -- C:\Users\Devika\AppData\Roaming\PC Tools
[2010/08/12 10:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/08/12 10:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/12 03:14:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/11 22:49:34 | 000,000,000 | ---D | C] -- C:\Users\Devika\AppData\Roaming\Malwarebytes
[2010/08/11 22:44:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/11 22:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/11 22:44:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/11 22:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/11 14:20:04 | 000,000,000 | ---D | C] -- C:\Users\Devika\AppData\Local\hiiqbhsry
[2010/08/08 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/30 22:06:17 | 000,398,632 | ---- | C] (Juniper Networks) -- C:\Windows\System32\dsNcSmartCardProv.dll
[2010/07/30 22:06:17 | 000,345,384 | ---- | C] (Juniper Networks) -- C:\Windows\System32\dsNcCredProv.dll
[2010/07/30 22:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2010/07/30 22:03:09 | 000,000,000 | ---D | C] -- C:\Users\Devika\AppData\Roaming\Juniper Networks
[2010/07/19 20:55:55 | 000,000,000 | ---D | C] -- C:\Users\Devika\Desktop\WORLD CUP
[2010/06/30 14:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/06/30 13:05:12 | 000,000,000 | ---D | C] -- C:\Users\Devika\AppData\Roaming\vlc
[2010/06/19 17:04:52 | 000,020,392 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\ElRawDsk.sys
[2010/06/19 17:04:16 | 000,093,096 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2010/06/19 17:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/06/19 16:55:53 | 000,000,000 | ---D | C] -- C:\Users\Devika\AppData\Roaming\iolo
[2010/06/19 16:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2010/06/10 15:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/05/31 23:20:57 | 000,000,000 | ---D | C] -- C:\Users\Devika\AppData\Local\bxvgrbjcv
[2010/05/18 15:21:42 | 000,106,496 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys

========== Files - Modified Within 90 Days ==========

[2010/08/13 11:45:19 | 004,456,448 | ---- | M] () -- C:\Users\Devika\NTUSER.DAT
[2010/08/13 11:44:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218864658-4136759880-527318915-1000UA.job
[2010/08/13 11:26:21 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/13 11:26:20 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/13 11:26:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/13 11:20:37 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/08/13 11:20:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/13 11:20:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/13 11:19:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/13 11:19:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/13 11:19:46 | 2135,384,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/13 11:19:03 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{1f1eb580-a35d-11df-adaf-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/13 11:19:03 | 000,065,536 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{1f1eb580-a35d-11df-adaf-806e6f6e6963}.TM.blf
[2010/08/13 11:12:39 | 216,663,469 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/13 00:09:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3ACBB38F-4258-4BF7-AC3D-34C7941EC513}.job
[2010/08/12 23:44:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218864658-4136759880-527318915-1000Core.job
[2010/08/12 23:34:22 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-218864658-4136759880-527318915-1000.job
[2010/08/12 23:22:54 | 000,000,735 | ---- | M] () -- C:\Users\Devika\Desktop\NTREGOPT.lnk
[2010/08/12 23:22:54 | 000,000,716 | ---- | M] () -- C:\Users\Devika\Desktop\ERUNT.lnk
[2010/08/12 21:31:42 | 001,132,196 | ---- | M] () -- C:\Users\Devika\Desktop\tdsskiller.zip
[2010/08/12 21:14:54 | 000,006,648 | ---- | M] () -- C:\Users\Devika\AppData\Local\d3d9caps.dat
[2010/08/12 19:57:18 | 000,363,520 | ---- | M] () -- C:\Users\Devika\Desktop\eXplorer.exe
[2010/08/12 13:26:00 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2010/08/11 22:44:58 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 21:27:33 | 000,351,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/08 21:05:31 | 000,001,750 | ---- | M] () -- C:\Users\Devika\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/08 21:05:31 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/08 20:02:26 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{1f1eb580-a35d-11df-adaf-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 19:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{8cbc4380-91ee-11df-9fd3-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 19:27:44 | 000,065,536 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{8cbc4380-91ee-11df-9fd3-806e6f6e6963}.TM.blf
[2010/07/30 13:38:02 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDevika.job
[2010/07/25 11:14:22 | 000,011,715 | ---- | M] () -- C:\Users\Devika\Desktop\AUSTRALIA NEW ZEALAND FIJI.xlsx
[2010/07/19 21:10:25 | 000,081,408 | ---- | M] () -- C:\Users\Devika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 16:29:14 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{8cbc4380-91ee-11df-9fd3-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 15:03:58 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{b5f89b3e-8e01-11df-8e04-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 15:03:58 | 000,065,536 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{b5f89b3e-8e01-11df-8e04-806e6f6e6963}.TM.blf
[2010/07/12 22:01:08 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{b5f89b3e-8e01-11df-8e04-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/07/12 21:29:12 | 000,010,366 | ---- | M] () -- C:\Users\Devika\Desktop\lalala.docx
[2010/07/12 15:10:46 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{740a421f-801d-11df-a21d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/07/12 15:10:46 | 000,065,536 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{740a421f-801d-11df-a21d-806e6f6e6963}.TM.blf
[2010/06/30 14:01:33 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/06/30 13:38:11 | 000,002,799 | ---- | M] () -- C:\Windows\System32\responseBody.xml
[2010/06/30 13:38:11 | 000,002,441 | ---- | M] () -- C:\Windows\System32\requestBody.xml
[2010/06/30 13:38:11 | 000,000,900 | ---- | M] () -- C:\Windows\System32\request.gzip
[2010/06/25 00:46:48 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{740a421f-801d-11df-a21d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/06/24 22:53:59 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{d2e2af18-7c10-11df-9cce-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/06/24 22:53:59 | 000,065,536 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{d2e2af18-7c10-11df-9cce-806e6f6e6963}.TM.blf
[2010/06/19 19:26:38 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{d2e2af18-7c10-11df-9cce-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/06/19 19:13:03 | 000,524,288 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/06/19 19:13:03 | 000,065,536 | -HS- | M] () -- C:\Users\Devika\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/19 17:05:32 | 000,000,406 | ---- | M] () -- C:\Windows\System32\ioloBootDefrag.cfg
[2010/06/19 17:04:21 | 000,001,913 | ---- | M] () -- C:\Users\Devika\Desktop\System Mechanic.lnk
[2010/06/19 16:57:14 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
[2010/06/11 07:43:39 | 000,569,799 | ---- | M] () -- C:\Users\Devika\Desktop\worldcup!!! (Autosaved).xlsx
[2010/06/10 22:31:04 | 000,610,521 | ---- | M] () -- C:\Users\Devika\Desktop\PRD Delivery Issue v.06.11.2010.docx
[2010/06/10 15:47:33 | 000,000,945 | ---- | M] () -- C:\Users\Devika\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/08 05:01:41 | 000,569,798 | ---- | M] () -- C:\Users\Devika\Documents\worldcup!!! (Autosaved).xlsx
[2010/06/03 21:13:09 | 000,042,911 | ---- | M] () -- C:\Users\Devika\Desktop\CSUEB_Schedule.xlsx
[2010/05/23 09:53:01 | 000,053,248 | ---- | M] () -- C:\Users\Devika\Desktop\devika_singh_2010.doc
[2010/05/16 23:40:15 | 000,030,998 | ---- | M] () -- C:\Users\Devika\Desktop\Charles_Dang_Resume.pdf
[2010/05/16 22:25:32 | 000,047,616 | ---- | M] () -- C:\Users\Devika\Desktop\devika singh resume.doc
[2010/05/16 18:53:11 | 000,053,248 | ---- | M] () -- C:\Users\Devika\Desktop\Vikram_Naidu_-_Resume.doc
[2010/05/16 09:17:51 | 000,011,356 | ---- | M] () -- C:\Users\Devika\Documents\mom's whereabouts.docx

========== Files Created - No Company Name ==========

[2010/08/13 11:19:46 | 2135,384,064 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/13 11:12:06 | 216,663,469 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/12 23:22:54 | 000,000,735 | ---- | C] () -- C:\Users\Devika\Desktop\NTREGOPT.lnk
[2010/08/12 23:22:54 | 000,000,716 | ---- | C] () -- C:\Users\Devika\Desktop\ERUNT.lnk
[2010/08/12 21:35:32 | 001,132,196 | ---- | C] () -- C:\Users\Devika\Desktop\tdsskiller.zip
[2010/08/12 20:27:03 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-218864658-4136759880-527318915-1000.job
[2010/08/12 20:14:16 | 000,363,520 | ---- | C] () -- C:\Users\Devika\Desktop\eXplorer.exe
[2010/08/12 13:26:00 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2010/08/11 22:44:58 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 21:05:31 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/08 19:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{1f1eb580-a35d-11df-adaf-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 19:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{1f1eb580-a35d-11df-adaf-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 19:29:02 | 000,065,536 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{1f1eb580-a35d-11df-adaf-806e6f6e6963}.TM.blf
[2010/07/25 10:44:25 | 000,011,715 | ---- | C] () -- C:\Users\Devika\Desktop\AUSTRALIA NEW ZEALAND FIJI.xlsx
[2010/07/17 15:06:04 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{8cbc4380-91ee-11df-9fd3-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/07/17 15:06:04 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{8cbc4380-91ee-11df-9fd3-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/07/17 15:06:04 | 000,065,536 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{8cbc4380-91ee-11df-9fd3-806e6f6e6963}.TM.blf
[2010/07/12 21:29:08 | 000,010,366 | ---- | C] () -- C:\Users\Devika\Desktop\lalala.docx
[2010/07/12 15:12:11 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{b5f89b3e-8e01-11df-8e04-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/07/12 15:12:10 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{b5f89b3e-8e01-11df-8e04-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/07/12 15:12:10 | 000,065,536 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{b5f89b3e-8e01-11df-8e04-806e6f6e6963}.TM.blf
[2010/06/30 14:01:33 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/06/24 22:55:13 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{740a421f-801d-11df-a21d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/06/24 22:55:13 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{740a421f-801d-11df-a21d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/06/24 22:55:13 | 000,065,536 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{740a421f-801d-11df-a21d-806e6f6e6963}.TM.blf
[2010/06/19 19:14:15 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{d2e2af18-7c10-11df-9cce-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/06/19 19:14:15 | 000,524,288 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{d2e2af18-7c10-11df-9cce-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/06/19 19:14:15 | 000,065,536 | -HS- | C] () -- C:\Users\Devika\NTUSER.DAT{d2e2af18-7c10-11df-9cce-806e6f6e6963}.TM.blf
[2010/06/19 17:05:32 | 000,000,406 | ---- | C] () -- C:\Windows\System32\ioloBootDefrag.cfg
[2010/06/19 17:04:21 | 000,001,913 | ---- | C] () -- C:\Users\Devika\Desktop\System Mechanic.lnk
[2010/06/19 17:04:16 | 002,316,712 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2010/06/19 17:04:07 | 000,030,208 | ---- | C] () -- C:\Windows\System32\iolobtdfg.exe
[2010/06/19 17:04:07 | 000,012,288 | ---- | C] () -- C:\Windows\System32\smrgdf.exe
[2010/06/19 16:57:14 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010/06/11 07:43:38 | 000,569,799 | ---- | C] () -- C:\Users\Devika\Desktop\worldcup!!! (Autosaved).xlsx
[2010/06/10 22:30:56 | 000,610,521 | ---- | C] () -- C:\Users\Devika\Desktop\PRD Delivery Issue v.06.11.2010.docx
[2010/06/10 15:47:33 | 000,000,945 | ---- | C] () -- C:\Users\Devika\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/10 14:20:12 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/06/03 21:12:59 | 000,042,911 | ---- | C] () -- C:\Users\Devika\Desktop\CSUEB_Schedule.xlsx
[2010/05/23 09:52:59 | 000,053,248 | ---- | C] () -- C:\Users\Devika\Desktop\devika_singh_2010.doc
[2010/05/16 23:40:07 | 000,030,998 | ---- | C] () -- C:\Users\Devika\Desktop\Charles_Dang_Resume.pdf
[2010/05/16 19:13:43 | 000,047,616 | ---- | C] () -- C:\Users\Devika\Desktop\devika singh resume.doc
[2010/05/16 18:18:58 | 000,053,248 | ---- | C] () -- C:\Users\Devika\Desktop\Vikram_Naidu_-_Resume.doc
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/03/29 16:18:29 | 000,000,103 | ---- | C] () -- C:\Windows\REDEMUNINS.INI
[2008/02/10 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/20 23:35:42 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 23:35:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/02/27 13:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2007/12/05 00:01:28 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\acccore
[2010/08/08 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\BitTorrent
[2010/08/13 11:40:30 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\DNA
[2010/05/01 20:49:15 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\Elluminate
[2010/06/19 17:38:54 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\iolo
[2010/07/30 22:06:24 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\Juniper Networks
[2009/08/30 19:36:22 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\MSNInstaller
[2008/03/29 16:23:13 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\Redemption
[2010/05/08 20:10:48 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\webex
[2008/05/14 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\Devika\AppData\Roaming\WildTangent
[2010/08/13 01:41:24 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/13 00:09:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3ACBB38F-4258-4BF7-AC3D-34C7941EC513}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/08/21 02:05:54 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 00:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/13 11:19:46 | 2135,384,064 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/14 14:47:02 | 000,001,926 | -H-- | M] () -- C:\IPH.PH
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2010/08/13 11:19:44 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
[2010/08/12 23:38:25 | 000,000,535 | ---- | M] () -- C:\rkill.log
[2007/12/23 21:09:47 | 000,000,295 | -H-- | M] () -- C:\T4Metrics.log
[2010/08/12 21:44:46 | 000,058,488 | ---- | M] () -- C:\TDSSKiller.2.4.1.1_12.08.2010_21.38.34_log.txt
[2009/01/27 17:43:51 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 05:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/08/20 15:28:56 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-13 18:32:12

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >



**** Sorry if I'm creating extra work, I just can't trust that whatever is off my computer is gone yet. Thanks in advance!

Edited by componthefritz, 13 August 2010 - 01:12 PM.
