Trojan-phisher-snifula



#1
lunarnomadd
Member, 10 posts
So, I have a trojan-phisher-snifula that I've been unable to remove via most normal routes. I've tried a few of the common, free virus removal programs, and didn't get anything on the AVG or Malwarebytes scans. SS picked up the infection, and a few others have found it in scans, but won't remove it without cost. I ran a HijackThis scan, and was wondering if anyone would mind seeing if the suspicious party is here for fixing? I'm sorry, I know very little about this topic beyond scanning with the simple-interface freeware and keeping my normal antivirus updated :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:51 PM, on 9/6/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14986&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] "C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE"
O4 - HKLM\..\Run: [MRIPEUndo] "e:\MRI.exe" /undopeboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] "C:\Windows\OEM02Mon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\system32\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files (x86)\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98e292ce19390) (gupdate1c98e292ce19390) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - Unknown owner - C:\Windows\system32\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11291 bytes


Thanks so much in advance!


#2
azarl
GeekU Admin, Community Leader, 25,310 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

We no longer use HJT as it does not show enough information to deal with current infections.

Q: How do you know you have trojan-phisher-snifula?

»Step 1«
OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by Trend Micro, HijackThis has not been regularly updated. Many infections are now able to hide partly or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

  • Download OTL to your Desktop
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.exe
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    %USERPROFILE%\Templates\*.tmp
    %SYSTEMDRIVE%\explorexxx.exe\*.*
    %Windir%\Installer\*.tmp
    %systemroot%\System32\*.xco
    %ProgramFiles%\system32\*.*
    %systemroot%\System32\windos\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.
»Step 2«
Download GMER Rootkit Scanner. Note the file's name and unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.
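A small triage helper, added here as an example and not part of OTL, GMER or the helper's own procedure: it parses OTL "SafeList" entry lines in the format of the log posted later in this thread and lists the entries a helper would usually look at first (files no longer on disk, files with no company name in their version info, anything running from a user-writable location). The sample lines are copied from that log; the review rules are heuristics of mine, not OTL's diagnosis.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One entry line of an OTL "SafeList" section. Three shapes occur in the log:
#   PRC - [2010/09/12 13:06:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
#   SRV:64bit: - [2008/07/03 09:43:44 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\...\X.EXE -- (svcname)
#   DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\...\x.sys -- (drvname)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<bits>:64bit:)?\s+-\s+"
    # either the bracketed file info plus "(Company)", or OTL's "File not found" marker
    r"(?:\[(?P<date>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))\s*"
    r"(?:\[(?P<flags>[^\]]*)\]\s*)?"          # [Auto | Running] etc., services/drivers only
    r"--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<name>[^)]*)\).*)?$"     # -- (service name), plus any trailing text
)


@dataclass
class OtlEntry:
    kind: str                 # PRC, MOD, SRV or DRV
    is_64bit: bool
    path: str
    name: Optional[str]       # service/driver name; None for processes and modules
    company: Optional[str]    # "" when the file carries no company name; None if file missing
    size: Optional[int]
    flags: List[str]
    file_missing: bool


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one SafeList line; return None for section headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    missing = m["missing"] is not None
    return OtlEntry(
        kind=m["kind"],
        is_64bit=m["bits"] is not None,
        path=m["path"].strip(),
        name=m["name"],
        company=None if missing else m["company"].strip(),
        size=None if missing else int(m["size"].replace(",", "")),
        flags=[f.strip() for f in m["flags"].split("|")] if m["flags"] else [],
        file_missing=missing,
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    entries = [parse_otl_line(line) for line in text.splitlines()]
    return [e for e in entries if e is not None]


# Locations a user can write to without admin rights. A legitimate tool run from the
# Desktop (OTL itself, in the log) trips this too, so a hit is a prompt to look, not a verdict.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\documents and settings\\")


def review_reasons(entry: OtlEntry) -> List[str]:
    """Heuristic reasons (mine, not OTL's) to look at this entry before the others."""
    reasons = []
    if entry.file_missing:
        reasons.append("registered but file not found on disk")
    elif entry.company == "":
        reasons.append("no company name in the file's version info")
    if any(marker in entry.path.lower() for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every entry that has at least one reason."""
    result = {}
    for entry in parse_otl_log(text):
        reasons = review_reasons(entry)
        if reasons:
            result[entry.path] = reasons
    return result


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2010/09/12 13:06:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/07/03 09:43:44 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/04/08 15:45:40 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/03/21 15:12:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{path}\n    {'; '.join(reasons)}")
```

An entry with no company name or a missing file is common for drivers left behind by uninstalls and for OEM utilities, which is why the helper reads the whole log rather than acting on any one line.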

#3
lunarnomadd
Topic Starter, Member, 10 posts
Thank you so much for your quick response, and sorry about the delay getting back. I was notified of this trojan through a Best Buy scan when the computer was taken in for service, and then it was picked up again when I ran a Spy Sweeper scan on my own. It isn't caught by Symantec or by AVG, however. I ran the scans you suggested; the pasted files are below:

OTL logfile created on: 9/12/2010 1:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Annah\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.50 Gb Total Space | 89.17 Gb Free Space | 31.23% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.54 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIMON
Current User Name: Annah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/12 13:06:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
PRC - [2010/07/26 08:30:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/04/08 15:45:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/08 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/04/08 15:45:40 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/04/08 15:45:36 | 000,050,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/04/07 21:31:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/05/05 08:30:28 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/09/12 13:06:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
MOD - [2009/10/14 17:10:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/10/14 17:10:06 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2007/01/30 02:08:38 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/10/10 14:07:00 | 003,580,712 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2008/07/03 09:43:44 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/09/07 12:25:18 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
SRV:64bit: - [2007/08/29 15:25:14 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AESTSr64.exe -- (AESTFilters)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/08 15:45:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/04/08 15:45:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/04/08 15:45:46 | 000,388,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/04/08 15:45:42 | 003,081,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/04/08 15:45:40 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/04/07 21:31:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/03/20 18:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/09/04 22:41:25 | 000,219,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2010/09/04 22:06:04 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/03/21 15:12:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/04/08 15:46:06 | 000,052,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wpsdrvnt.sys -- (WPS)
DRV:64bit: - [2009/04/08 15:45:56 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2009/04/08 15:45:56 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/04/08 15:45:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2009/04/08 15:45:50 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teefer2.sys -- (Teefer2)
DRV:64bit: - [2008/11/07 16:23:30 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/10/06 13:53:26 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2008/09/25 09:23:08 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/20 13:58:58 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/07/16 07:08:48 | 000,315,440 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/07/11 13:16:50 | 000,015,272 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/07/03 09:43:28 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/07/03 09:43:08 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/05/06 01:35:46 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/05 08:34:04 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/05/05 08:34:04 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/05 08:34:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/05/05 08:30:32 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/05/05 08:30:26 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/09/10 17:50:02 | 000,057,872 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2007/09/07 12:26:06 | 000,392,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/06/20 14:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/02/16 13:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/16 09:42:28 | 000,022,528 | ---- | M] (Christian Diefer) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fanio.sys -- (fanio)
DRV:64bit: - [2007/02/15 18:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2007/01/23 15:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 15:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2006/11/06 21:52:50 | 000,086,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/06 19:13:44 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/11/06 19:13:42 | 000,094,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/04 22:40:29 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100907.025\EX64.SYS -- (NAVEX15)
DRV - [2010/09/04 22:40:29 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/04 22:40:29 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/04 22:40:29 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100907.025\ENG64.SYS -- (NAVENG)
DRV - [2009/04/08 15:45:56 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/04/08 15:45:56 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/04/08 15:45:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2081006
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2081006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2081006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14986&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/26 08:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/26 08:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/08/21 19:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/06/10 16:14:28 | 000,000,000 | ---D | M]

[2010/08/21 19:10:40 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Extensions
[2010/08/21 19:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annah\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/06 21:25:12 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\extensions
[2010/07/30 09:53:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/05 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\extensions\[email protected]
[2009/06/12 13:09:40 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Sunbird\Profiles\6e9ztz62.default\extensions
[2010/01/25 19:24:11 | 000,001,606 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\amazondotcom.xml
[2009/07/10 17:26:08 | 000,002,257 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\askcom.xml
[2009/01/06 11:07:10 | 000,001,595 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\ebay.xml
[2010/06/26 08:53:28 | 000,002,789 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\world-of-warcraft-armory.xml
[2010/06/28 09:27:49 | 000,002,048 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\wowecon.xml
[2010/06/26 08:54:01 | 000,001,548 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\wowhead.xml
[2010/09/06 21:25:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/09/06 22:10:13 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MRIPEUndo] e:\MRI.exe File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - Startup: C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([docs] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Annah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Annah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0302080b-c089-11dd-9bf9-00219be0aa5f}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
O33 - MountPoints2\{0302080b-c089-11dd-9bf9-00219be0aa5f}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
O33 - MountPoints2\{1075dcf2-b19d-11dd-87b9-00219be0aa5f}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
O33 - MountPoints2\{1075dcf2-b19d-11dd-87b9-00219be0aa5f}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\mri.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/09/12 13:05:50 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
[2010/09/06 22:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/06 22:30:46 | 000,000,000 | ---D | C] -- C:\Users\Annah\Pavark
[2010/09/06 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2010/09/06 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/09/06 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2010/09/06 14:33:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2010/09/06 13:38:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/09/06 02:10:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/09/06 02:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/09/05 18:48:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/05 17:40:36 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Roaming\Malwarebytes
[2010/09/05 17:40:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/05 17:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/05 14:15:26 | 000,000,000 | ---D | C] -- C:\Users\Annah\Desktop\Registry
[2010/09/04 22:05:49 | 000,172,080 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/09/04 22:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/09/04 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/28 19:28:12 | 000,000,000 | ---D | C] -- C:\Users\Annah\Desktop\SystemAnalyzer
[2010/08/28 19:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2010/08/26 16:56:03 | 000,000,000 | ---D | C] -- C:\Users\Annah\Desktop\Annah's Folder
[2010/08/18 22:57:51 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Roaming\vlc
[2010/08/18 22:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/06/29 19:45:02 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Local\Deployment
[2010/06/15 21:00:09 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Roaming\foobar2000
[2010/06/15 21:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000

========== Files - Modified Within 90 Days ==========

[2010/09/12 13:10:03 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/12 13:10:03 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/12 13:10:03 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/12 13:08:18 | 005,242,880 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT
[2010/09/12 13:06:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
[2010/09/12 13:02:56 | 000,136,101 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/12 13:02:19 | 000,136,101 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/12 13:02:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/12 13:02:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/12 13:02:09 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 13:02:09 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 13:02:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/08 19:52:50 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/08 19:01:16 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/07 22:45:54 | 000,524,288 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/09/07 22:45:54 | 000,065,536 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/09/06 23:28:54 | 002,304,819 | -H-- | M] () -- C:\Users\Annah\AppData\Local\IconCache.db
[2010/09/06 22:32:35 | 000,001,930 | ---- | M] () -- C:\Users\Annah\Desktop\HijackThis.lnk
[2010/09/06 22:10:13 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2010/09/06 21:24:56 | 000,000,514 | ---- | M] () -- C:\Windows\win.ini
[2010/09/06 21:19:16 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/09/06 15:25:01 | 000,000,975 | ---- | M] () -- C:\Users\Annah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/06 14:39:44 | 004,198,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/06 10:34:53 | 000,216,576 | ---- | M] () -- C:\Users\Annah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/06 10:30:02 | 000,124,704 | ---- | M] () -- C:\Users\Annah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/05 17:10:55 | 000,000,206 | ---- | M] () -- C:\Windows\SysNative\hwmonitorw.ini
[2010/09/04 22:41:25 | 000,219,184 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WpsHelper.sys
[2010/09/04 22:06:04 | 000,172,080 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/09/04 22:06:04 | 000,010,583 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/09/04 22:06:04 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/04 22:03:46 | 000,002,801 | ---- | M] () -- C:\Windows\unins000.dat
[2010/09/04 22:03:27 | 000,685,849 | ---- | M] () -- C:\Windows\unins000.exe
[2010/08/19 10:01:13 | 000,008,412 | ---- | M] () -- C:\Users\Annah\AppData\Local\d3d9caps64.dat
[2010/08/18 15:45:25 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/18 15:41:50 | 000,000,031 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2010/07/06 14:53:39 | 000,000,908 | ---- | M] () -- C:\Users\Annah\Desktop\Music.lnk
[2010/06/29 19:45:49 | 000,000,000 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

========== Files Created - No Company Name ==========

[2010/09/06 22:32:35 | 000,001,930 | ---- | C] () -- C:\Users\Annah\Desktop\HijackThis.lnk
[2010/09/06 21:19:13 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/09/06 15:25:00 | 000,000,975 | ---- | C] () -- C:\Users\Annah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/06 13:35:01 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2010/09/06 13:35:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/09/06 13:34:52 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2010/09/06 13:34:38 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2010/09/06 13:34:36 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2010/09/06 13:34:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/09/06 13:34:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2010/09/06 13:34:32 | 003,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls
[2010/09/06 13:34:32 | 003,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls
[2010/09/06 13:34:32 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2010/09/06 13:34:15 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2010/09/06 13:34:13 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2010/09/06 13:34:13 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2010/09/06 13:34:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/09/06 13:33:52 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2010/09/06 13:33:52 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2010/09/06 13:33:38 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2010/09/06 13:33:38 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2010/09/06 02:03:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/09/06 02:03:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2010/09/06 02:03:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2010/09/06 02:03:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2010/09/06 01:47:57 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/09/06 01:47:57 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/09/06 01:47:56 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/09/06 01:47:56 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/09/06 01:47:56 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/09/06 01:47:56 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/09/05 18:39:49 | 000,223,344 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL90SP1_KB973924MSI06B4.txt
[2010/09/05 18:39:48 | 000,012,422 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL90SP1_KB973924UI06B4.txt
[2010/09/05 18:32:36 | 000,523,398 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL80SP1_KB973923MSI012E.txt
[2010/09/05 18:32:35 | 000,011,694 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL80SP1_KB973923UI012E.txt
[2010/09/05 18:11:37 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/09/04 22:05:49 | 000,010,583 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/09/04 22:05:49 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/06/29 19:45:49 | 000,000,000 | ---- | C] () -- C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/05/11 10:35:08 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/05/11 10:33:47 | 003,065,652 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_NET_Framework35_x64_MSI5D29.txt
[2010/04/29 19:09:15 | 000,000,792 | ---- | C] () -- C:\Users\Annah\AppData\Local\RAExpertHistory.xml
[2009/11/30 18:35:27 | 000,000,031 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/11/07 15:19:33 | 001,879,620 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_NET_Framework35_x64_MSI4146.txt
[2009/11/07 15:16:36 | 000,400,252 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/11/07 15:16:33 | 000,383,610 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_dotnetfx35install.txt
[2009/11/07 15:16:33 | 000,006,284 | ---- | C] () -- C:\Users\Annah\AppData\Local\uxeventlog.txt
[2009/11/07 15:16:33 | 000,000,002 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_dotnetfx35error.txt
[2009/10/22 19:32:35 | 000,000,261 | ---- | C] () -- C:\Users\Annah\AppData\Roaming\iPod Access v4 Prefs
[2009/10/22 19:24:51 | 000,000,042 | -H-- | C] () -- C:\Users\Annah\AppData\Roaming\iPodAccessv4_OwnerName
[2009/10/22 19:24:51 | 000,000,042 | -H-- | C] () -- C:\ProgramData\iPodAccessv4_OwnerName
[2009/10/22 19:23:03 | 000,000,011 | -H-- | C] () -- C:\Users\Annah\AppData\Roaming\iPodAccess_Time
[2009/07/27 18:13:50 | 000,008,412 | ---- | C] () -- C:\Users\Annah\AppData\Local\d3d9caps64.dat
[2008/12/04 09:01:27 | 000,713,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/13 02:02:47 | 000,003,725 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/13 01:49:22 | 000,000,680 | ---- | C] () -- C:\Users\Annah\AppData\Local\d3d9caps.dat
[2008/11/13 01:15:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/11/12 16:22:49 | 000,216,576 | ---- | C] () -- C:\Users\Annah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/11 20:06:40 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2008/11/11 20:06:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/11/11 19:23:22 | 000,136,101 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/11 19:22:28 | 000,136,101 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/11 18:36:34 | 000,001,834 | ---- | C] () -- C:\Users\Annah\AppData\Roaming\install.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2008/12/21 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\acccore
[2008/11/24 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Acreon
[2009/03/05 00:56:57 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Amazon
[2009/03/17 00:24:01 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\AMPSoft
[2010/02/25 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\AnvSoft
[2010/08/16 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Audacity
[2009/11/15 14:11:28 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/16 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\com.myApp.NetBook.3AC0BB277CD6252F403A34D00E555927230DF2EF.1
[2010/03/21 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\DAEMON Tools Lite
[2009/11/15 16:48:52 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\de.betriebsraum.minitask.MiniTask.59043E270734A37363A375013A0E8B7849399976.1
[2009/11/15 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\de.dasplankton.Contrast-A.5DD45AD90B4BAAE78989E28539AB01CA0764F503.1
[2008/12/04 20:17:40 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\ExportTool
[2009/11/09 20:20:55 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Extensis
[2010/04/14 22:03:06 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Facebook
[2010/08/15 21:44:33 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\foobar2000
[2008/12/21 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\LAIM
[2009/11/08 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Obsidium
[2008/11/13 23:26:02 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\OpenOffice.org
[2010/03/13 21:23:22 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Personal TaskMaster
[2009/11/08 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Proxima Software
[2008/11/12 21:53:15 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\ScummVM
[2009/01/01 12:07:53 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\SPORE
[2010/08/21 19:10:39 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Thunderbird
[2008/11/11 19:02:27 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\tmp
[2008/11/30 11:32:05 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\uTorrent
[2010/09/08 19:52:50 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/08/30 14:16:36 | 000,001,510 | ---- | M] () -- C:\avlist.txt
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/10/06 05:27:40 | 000,004,832 | RH-- | M] () -- C:\dell.sdr
[2005/09/23 00:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2008/05/29 10:29:00 | 000,001,493 | ---- | M] () -- C:\notice.txt
[2010/09/12 13:01:44 | 311,545,855 | -HS- | M] () -- C:\pagefile.sys
[2010/09/06 22:10:13 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2010/09/06 22:10:13 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2005/04/17 23:22:34 | 000,008,550 | ---- | M] () -- C:\tos.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/09/06 14:06:57 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >
[2009/12/02 16:48:35 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\IsolatedStorage\cg5clflv.yth\sswrll0q.ha4\Url.udynpsygivp3gt3szhdxwfdfjmzqp5t0\Url.y115muuzdi3qxix11mkqpehmywhq4upe\Files\bak

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/06 15:25:01 | 000,000,221 | -HS- | M] () -- C:\Users\Annah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2008/09/08 21:27:32 | 001,503,232 | ---- | M] (CPUID) -- C:\Users\Annah\Desktop\HWMonitor (2).exe
[2008/11/11 21:59:02 | 001,503,232 | -H-- | M] (CPUID) -- C:\Users\Annah\Desktop\HWMonitor.exe
[2010/09/12 13:06:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/09/06 14:43:57 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/09/06 14:43:27 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/09/06 14:28:02 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/09/06 14:28:02 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/09/06 14:43:27 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/11/11 18:36:21 | 000,000,402 | -HS- | M] () -- C:\Users\Annah\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/29 21:34:38 | 000,003,725 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/10/22 19:24:51 | 000,000,042 | -H-- | M] () -- C:\ProgramData\iPodAccessv4_OwnerName
[2010/09/12 13:02:56 | 000,136,101 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DD4DD9B9
< End of report >



OTL Extras logfile created on: 9/12/2010 1:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Annah\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.50 Gb Total Space | 89.17 Gb Free Space | 31.23% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.54 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIMON
Current User Name: Annah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3494594848-3579487786-3683612834-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CDCBE26-5E16-40B7-840E-E746AE11BF9E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0FEB0733-53FF-4190-829E-40EB95BF77B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E3338AF-7048-4051-88CA-416497857843}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{425F7E3D-CD28-4AA9-BEAB-188AC62515DF}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4734A09D-7BA4-4FD0-A061-BD2426BA4DDB}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{4CB7D891-CD50-48BE-B6E0-E8BC0D005E4A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{542C9B80-CD27-44C2-87BC-D2B6FAB9D03A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5440B521-0DBF-42F4-A021-8F526CCE0689}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{555C07F5-2AD4-4A8C-BAF1-4C3594825F11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65ACCDD6-ED6C-4F0D-A1E2-8AB13297B504}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{675ED431-9992-4239-9371-5488F0AAF7C1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{685E65AF-735F-4D70-8461-A57074729AA2}" = lport=3390 | protocol=6 | dir=in | app=system |
"{692ED863-A121-43DB-9AC6-F98F435F68CB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7973A19C-E212-49ED-8C9A-C00FE5CCCF3D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{829D0EAF-171E-4B28-B6C3-C423960F1555}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87B308CD-64EE-478B-98AA-F71711916D5E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{ADB7334F-7903-4262-AF84-A3A2D3B5BEEB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B45CA4F6-11D2-4003-A0C4-91F5D0431314}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{BA5AFDDF-3C5A-4DC3-8B94-4D160B91B7D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5E57BB0-2A30-4FAD-8CA4-5FAE1FF2B41E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D860703C-B3CB-4777-829E-DD3BF6F0122D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{DBDF27B9-300D-409E-9BCC-C93D647E126C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DEEF74E1-B6D1-4585-926C-7B33DA99779D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E0EAC24D-E31E-4EF9-B440-4E76263FF0F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC8C0329-800A-48B0-B256-A75EE21B0893}" = rport=10244 | protocol=6 | dir=out | app=system |
"{FFF6BBE6-2D2A-4F40-84F3-F0C5EB745376}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D93D7-BBEE-4425-8535-5252B5C16EB8}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{00FECF5A-7326-47BA-957C-BBCBC57D8A95}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{01D02F12-CEB7-4F53-AE64-0A884F51F4E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{0A5F912D-4EA0-4AD3-8CD6-713FEDC1AF2A}" = protocol=6 | dir=in | app=c:\users\annah\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0D2E29F7-27B0-4433-ADC6-FFDAF887C9C0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0E42985C-884A-4361-A6D5-9A4311C14B54}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{0F314999-4218-49E6-9344-4DA1D769EF1F}" = protocol=6 | dir=in | app=c:\users\annah\appdata\local\apps\2.0\boxxj6j8.khp\57bh4ome.owo\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\curseclient.exe |
"{0F4C86AD-7B9A-405D-896C-F4C91B5C554A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{14CA5DE5-5653-4939-9EEE-76E083649081}" = protocol=6 | dir=in | app=c:\users\annah\appdata\local\apps\2.0\boxxj6j8.khp\57bh4ome.owo\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\curseclient.exe |
"{14E5AD44-41E6-430E-979D-CF590FC90608}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"{1783DEA7-29FC-45F4-A26F-43C7FC32189F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{1876931A-FCE1-4565-868B-56142C740810}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{1A9B1328-D26F-43B3-B647-770AD64E9828}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{1DED932C-0FB5-43B7-B395-22FA58C57B9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1EA6B916-EBCC-4239-BFEA-FDA95F340EE6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1FDE75FA-E1F6-43E8-B40C-02A66C6B46DF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{20E7F752-3946-486F-9932-1E5FB920FA0F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{2553665F-94E7-460E-BE62-18644D05436D}" = protocol=17 | dir=in | app=c:\users\annah\appdata\local\apps\2.0\boxxj6j8.khp\57bh4ome.owo\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\curseclient.exe |
"{26D71EBC-3155-4053-ABF4-FA8E47DE7D63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{27C4D933-DC9B-4A9B-855F-EF89A2EAB421}" = protocol=17 | dir=in | app=c:\users\annah\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{28379750-4A08-415E-A4EC-7B5BFCDAD00E}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{2C5CFCF6-6779-4B6F-B37F-117DEC237FA6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{342C320F-226D-4F78-9CAB-2D2745DF7858}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3738C4FA-3D6F-46D1-BC9F-9BC33A424A0B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{375A6672-FB3E-4C76-840A-477237CCFAA9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{38455202-C1C7-428A-AF64-316C47126879}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{3C51A076-15FB-4204-83CD-0AF95328AD3F}" = protocol=6 | dir=in | app=c:\users\annah\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3D5093F0-06C3-4099-BBC9-BB9DFF769AE2}" = protocol=17 | dir=in | app=c:\users\annah\appdata\local\apps\2.0\boxxj6j8.khp\57bh4ome.owo\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\curseclient.exe |
"{3DE8C74D-0F61-456F-90DD-E961E73B59F0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{42C75C03-6F9B-4F31-BF02-3F16D197C075}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{46F8CCB3-F362-4C3B-B1D2-AAE325434362}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{4E64377F-284F-4F06-8DBC-C9A6C5F24342}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{4EC53FEF-04A3-4E6C-A540-C3D9D107C599}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{55C43613-52D8-4A7F-A37F-F43CE6C9B47C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5818FA2D-54D4-484F-AE04-35DA48B285F2}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{5977B3BF-CA98-43A9-83D8-97AA157BF0E3}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{5A3EAF76-C053-4447-B5BD-D0955CAAAF5C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{5ABF8706-A9F2-4DEA-B887-3657B63E9DA5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5C47BBD1-61AD-4E8C-AA3A-DA37BCFCB12B}" = protocol=17 | dir=in | app=c:\users\annah\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{5D4D3FE0-C1C4-4A1B-915D-476C7F94BE56}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{60CBEC0B-504A-48DD-BBA5-AE0E7D3C124B}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{64EB9266-458A-49D9-AFAF-6BA1D2305422}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"{65FAA568-0D6F-4042-B27A-CB94D3D2EEA2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{67EB574F-FD9E-4B51-A09C-E7DAB3367EC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{69FF95FD-5BEC-417C-818E-D628C1CAE58F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{71D24319-BB08-4BF0-9F3C-F8D5469D7017}" = protocol=17 | dir=in | app=c:\users\annah\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{74D8CE99-C85A-4A1F-B75B-68AEFD1633FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{7901EF6D-A727-4675-9347-F2840FEE7772}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{7BB6A66B-2598-4248-A1D7-6F67C4DF99C0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{81C14827-8B56-4FB8-BAAC-60AE05B07D99}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{83FAB32F-0D8F-411C-8B25-16359D85A0CC}" = protocol=6 | dir=in | app=c:\users\annah\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{85790A16-A347-45CC-9F5F-A3013B7FD11E}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{8D4E5243-8B19-4380-8F73-F829FA31EB55}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{8D87EA2D-67BE-4AD9-8160-9A7D3F4D90F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E9375B1-FB12-449E-B4CC-6EC1228C107A}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{8F8B04D7-E89B-4005-A43A-1BF1CB172DA8}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{90B98ABE-A5B1-4A60-A5A8-B07F44F9AF4F}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{9239C12F-863D-4F5A-98CD-6DF0F4968680}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{92B8221F-D11A-4593-BBA6-242ED5A6376B}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{947B4CD5-CD18-47C8-AA53-DEF719F6C2B1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{9587174E-E66B-497D-BA41-777A365623C8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{97C30103-4733-42CC-8AF9-FEC18199838D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A2718798-6451-44C4-9CA8-E2B947180999}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{A2C2AE47-61B7-42B8-8BD7-ADC90A54134B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A31D9D23-FCAE-472E-A255-75EA0BAE1F1E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{A7109F74-A62D-40CB-862F-C90022CB2F5F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{A9D5E549-4595-477A-BCB4-6FD220AE990F}" = protocol=17 | dir=in | app=c:\users\annah\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{AB88A567-BE9D-4AD9-A006-FB346D3605E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AEA66ABF-0127-43C0-BFFD-1131F86A778A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B315371D-D575-4C37-9A5A-9BC5737D4A64}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{BCEF8CB0-B4AB-422D-AC28-BE23D8F36684}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{C205CAD9-C21E-4DE0-9F1C-B8634A510211}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{C42CD193-6CBE-4C8D-8381-617981D9C4A0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C64F7978-1EC7-4B9E-97AD-72E49EA2821F}" = protocol=6 | dir=in | app=c:\users\annah\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{C741C6BE-CB50-44F9-894B-DB2EA620D19F}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{C785CB71-6B12-4F87-832F-56599D82A84F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{C7D2DF21-969A-4FF0-962C-F56DAFB0E9CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{C8D93D91-E65E-4677-A23F-F502BCC7C745}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{CDE17E2E-77EC-4D92-9528-0572F69C06D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D01BFDCC-0722-4AED-B0EA-59FB0101771D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{D0829AF4-57C5-4903-BBA6-B4592C24DFA6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D2236CB2-4FD3-46BD-ACAB-20E3CA6D4511}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{D9E0D51A-F757-4EA6-9A42-2AA4DC040B2A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DD5CE494-0EF4-43B6-B71F-C500372ABEF6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{DF242141-00CB-47E2-8772-DC50950128E3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{E288F7E5-D5A8-4CD0-809D-DB998A31425D}" = dir=in | app=e:\setup\hpznui40.exe |
"{E75A09A2-915C-4A64-9CE8-EAA28D1F3FA0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E7F4C925-A4BF-414E-90FC-ED6DC483A5E6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F0879F1B-A10C-4C0F-BD51-9E36666F9343}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{F13D27B1-64DA-49FD-9305-D9E425D88D8E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F14F2390-6DA4-4DE2-8642-67933C287731}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{F21D7B4B-40B1-40BB-A6AB-B82E6D8EBA0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F6CF1ECA-FA75-471E-83FB-B1D19D6CC903}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{F7AFEF32-BAA9-45D7-80E3-C3D1DD623D29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{21C61E54-EA30-4AA8-9E4E-916862552797}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{3414F311-9BDF-4CC7-A5B9-0F76484710B5}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{344CFB58-B5FD-4DFD-86C9-E63E1A2DFFBE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{3A7BCAA9-FF9B-495F-81FF-52E480004EF3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{42BE536E-FC94-48FE-A793-81A0B6EA8062}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{46F564C5-D4F8-4BDB-BFBB-17C4F2320D47}C:\windows\sr882388.exe" = protocol=6 | dir=in | app=c:\windows\sr882388.exe |
"TCP Query User{6C5F0C1D-E767-4460-981A-C1C37FA977CE}C:\program files (x86)\google\google talk\googletalk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"TCP Query User{70FDB165-EC83-44F1-B549-B3AE548EEB1A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{7F74F5DC-78F6-4FFD-9EFA-979382D3652A}C:\users\annah\appdata\local\temp\blizzard launcher temporary - b64f7e88\launcher.exe" = protocol=6 | dir=in | app=c:\users\annah\appdata\local\temp\blizzard launcher temporary - b64f7e88\launcher.exe |
"TCP Query User{898C67A8-FD4F-4B24-9F7D-4280EFCE9152}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{93AF2160-D2B8-4679-B590-2A8B4950B4E9}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{E0EC1207-9318-4136-961C-8604DB20A198}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{F721253C-9A66-4F1F-B65E-84F1F801EF0A}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{FBFE79C8-AA27-450C-9514-D057FD1CFA78}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{06ACD39E-244A-4A95-ACBF-373B4EE1E692}C:\program files (x86)\google\google talk\googletalk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"UDP Query User{0E6C33D3-A1EA-46AE-A5F1-C98E8F8309CD}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{220B0B07-9791-40A9-8AAF-BF5DA1F4A7AA}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{26C98F21-0ABC-49D2-BA95-26543EC61FAD}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{3031D39F-CEA1-4C9F-ABC3-6F01DF59C14B}C:\users\annah\appdata\local\temp\blizzard launcher temporary - b64f7e88\launcher.exe" = protocol=17 | dir=in | app=c:\users\annah\appdata\local\temp\blizzard launcher temporary - b64f7e88\launcher.exe |
"UDP Query User{38D9FCBD-D5F0-4B1D-A20D-9B18DD9D63EE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{56308CCB-2E4E-4504-8AB1-ABC424E541AC}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{5C6F6CD6-D849-42A2-8806-BAD092F5402B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{6544BC6F-992D-4901-8B17-A23A5A23FE0B}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"UDP Query User{8856C80E-F401-440E-A2FE-66DDFF493692}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{BF7C7225-BFEC-4B5B-BC81-2B2BB2B922C4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{C4D28B18-12BF-41E5-BC02-2CD36A8A6797}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{C8F4D5F1-8385-4E44-BC5F-A3B0F0134912}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{CF370A62-A1EB-4F83-945C-483F73428DE9}C:\windows\sr882388.exe" = protocol=17 | dir=in | app=c:\windows\sr882388.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12F5D482-1F43-4708-BCC5-031F10A08949}" = Symantec Endpoint Protection
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{84BC87D4-0480-4E10-B15D-1E7886D55180}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C84038D7-AB95-478F-85A9-2448CFFF94E4}" = HP Photosmart Prem-Web C309n-s All-In-One Driver Software 13.0 Rel .6
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38F90B6E-A31D-40D0-88D3-D38406FBBF57}" = C309n-s
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65493E89-7966-4008-85DA-FF3D26ADBAC4}" = PS_AIO_06_C309n-s_SW_Min
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{946478D4-2BA9-4B88-9AA0-DDD7155455DD}" = DietOrganizer 2.4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.3 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"bgbennyboyCMIReplacementSetup_is1" = Curse Of Monkey Island
"bgbennyboyEMIReplacementSetup_is1" = Escape From Monkey Island
"bgbennyboyGrimReplacementSetup_is1" = Grim Fandango
"CCleaner" = CCleaner
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Finale 2006" = Finale 2006
"foobar2000" = foobar2000 v0.9.5.6
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.5 (Standard)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
"Picasa 3" = Picasa 3
"Puzzle Collection" = Microsoft Entertainment Pack: The Puzzle Collection
"ResNet Registration Wizard_is1" = ResNet Registration Wizard 2.0
"VLC media player" = VLC media player 1.1.3
"Wacom Tablet Driver" = Wacom Tablet
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2010 3:54:32 PM | Computer Name = SIMON | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/6/2010 3:54:32 PM | Computer Name = SIMON | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/6/2010 4:38:53 PM | Computer Name = SIMON | Source = Symantec AntiVirus | ID = 16711754
Description = TruScan has generated an error: code 11: description: Whitelist Failure

Error - 9/6/2010 9:34:29 PM | Computer Name = SIMON | Source = Application Error | ID = 1000
Description = Faulting application Rtvscan.exe, version 11.0.4000.2263, time stamp
0x493e005c, faulting module msl.dll, version 5.1.1.0, time stamp 0x47a2be8e, exception
code 0xc0000005, fault offset 0x0001f1b6, process id 0xa28, application start time
0x01cb4dfaf6b4028d.

Error - 9/6/2010 9:43:25 PM | Computer Name = SIMON | Source = WinMgmt | ID = 10
Description =

Error - 9/6/2010 10:13:46 PM | Computer Name = SIMON | Source = WinMgmt | ID = 10
Description =

Error - 9/6/2010 10:49:58 PM | Computer Name = SIMON | Source = WinMgmt | ID = 10
Description =

Error - 9/7/2010 10:44:55 PM | Computer Name = SIMON | Source = WinMgmt | ID = 10
Description =

Error - 9/7/2010 11:46:54 PM | Computer Name = SIMON | Source = Symantec AntiVirus | ID = 16711754
Description = TruScan has generated an error: code 11: description: Whitelist Failure

Error - 9/12/2010 1:03:09 PM | Computer Name = SIMON | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 11/11/2008 7:52:26 PM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 17:52:26, Tue, Nov 11, 08 Error - User "" does not have administrative
privileges on this system

Error - 11/11/2008 7:52:26 PM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 17:52:26, Tue, Nov 11, 08 Error - User "" does not have administrative
privileges on this system

Error - 11/12/2008 5:31:55 PM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 15:31:55, Wed, Nov 12, 08 Error - User "" does not have administrative
privileges on this system

Error - 11/12/2008 5:31:55 PM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 15:31:55, Wed, Nov 12, 08 Error - User "" does not have administrative
privileges on this system

Error - 11/13/2008 2:16:29 AM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 00:16:29, Thu, Nov 13, 08 Error - User "" does not have administrative
privileges on this system

Error - 11/13/2008 2:16:29 AM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 00:16:29, Thu, Nov 13, 08 Error - User "" does not have administrative
privileges on this system

Error - 11/13/2008 12:06:15 PM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 10:06:15, Thu, Nov 13, 08 Error - User "" does not have administrative
privileges on this system

Error - 11/13/2008 12:06:15 PM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 10:06:15, Thu, Nov 13, 08 Error - User "" does not have administrative
privileges on this system

Error - 11/13/2008 11:22:09 PM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 21:22:09, Thu, Nov 13, 08 Error - User "" does not have administrative
privileges on this system

Error - 11/13/2008 11:22:09 PM | Computer Name = Babyboy | Source = WLAN-Tray | ID = 0
Description = 21:22:09, Thu, Nov 13, 08 Error - User "" does not have administrative
privileges on this system

[ Media Center Events ]
Error - 12/8/2009 10:41:17 PM | Computer Name = SIMON | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/12/2009 10:51:40 PM | Computer Name = SIMON | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/5/2010 4:27:33 PM | Computer Name = SIMON | Source = Mcx2Dvcs | ID = 401
Description =

Error - 6/5/2010 4:27:53 PM | Computer Name = SIMON | Source = Mcx2Dvcs | ID = 401
Description =

Error - 6/5/2010 4:28:15 PM | Computer Name = SIMON | Source = Mcx2Dvcs | ID = 401
Description =

Error - 6/5/2010 4:30:47 PM | Computer Name = SIMON | Source = Mcx2Dvcs | ID = 401
Description =

Error - 6/5/2010 4:32:37 PM | Computer Name = SIMON | Source = Mcx2Dvcs | ID = 401
Description =

[ OSession Events ]
Error - 7/22/2009 3:26:37 AM | Computer Name = SIMON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31642
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/6/2010 10:14:50 PM | Computer Name = SIMON | Source = DCOM | ID = 10016
Description =

Error - 9/6/2010 10:49:58 PM | Computer Name = SIMON | Source = Service Control Manager | ID = 7000
Description =

Error - 9/6/2010 10:50:36 PM | Computer Name = SIMON | Source = Service Control Manager | ID = 7022
Description =

Error - 9/6/2010 10:50:38 PM | Computer Name = SIMON | Source = DCOM | ID = 10016
Description =

Error - 9/7/2010 10:44:55 PM | Computer Name = SIMON | Source = Service Control Manager | ID = 7000
Description =

Error - 9/7/2010 10:45:45 PM | Computer Name = SIMON | Source = Service Control Manager | ID = 7022
Description =

Error - 9/7/2010 10:45:48 PM | Computer Name = SIMON | Source = DCOM | ID = 10016
Description =

Error - 9/12/2010 1:03:09 PM | Computer Name = SIMON | Source = Service Control Manager | ID = 7000
Description =

Error - 9/12/2010 1:04:23 PM | Computer Name = SIMON | Source = Service Control Manager | ID = 7022
Description =

Error - 9/12/2010 1:04:27 PM | Computer Name = SIMON | Source = DCOM | ID = 10016
Description =


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-12 13:49:00
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2e0fa31
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x17 0x24 0x31 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xE1 0x88 0x56 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2e0fa31 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x17 0x24 0x31 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xE1 0x88 0x56 0x07 ...

---- EOF - GMER 1.0.15 ----

Thank you again for your help :)

#4 azarl (GeekU Admin, Community Leader, 25,310 posts)
» Step 1«
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes 
    
    :Services
    
    :OTL
    O4 - HKLM..\Run: [MRIPEUndo] e:\MRI.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O33 - MountPoints2\{0302080b-c089-11dd-9bf9-00219be0aa5f}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
    O33 - MountPoints2\{0302080b-c089-11dd-9bf9-00219be0aa5f}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
    O33 - MountPoints2\{1075dcf2-b19d-11dd-87b9-00219be0aa5f}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
    O33 - MountPoints2\{1075dcf2-b19d-11dd-87b9-00219be0aa5f}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\mri.exe -- File not found
    
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
» Step 2 «
Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
» Step 3 «
Download Rooter.exe to your desktop
  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.
» Step 4 «
  • Please download WVCheck by Artellos from one of the mirrors below:

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

  • 0
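The fix script in Step 1 removes two kinds of autorun entries: Run values and MountPoints2 handlers whose target file no longer exists ("File not found"), and MountPoints2 AutoRun/open handlers that launch a file parked under RECYCLER\S-1-5-21-...\ on a removable drive, the layout left behind by USB-spread autorun malware. The script below is an added example for readers of this thread; it is not part of the thread and not OTL's own code. It parses OTL-format O4 and O33 lines, flags those two patterns, and drafts the matching :OTL fix block. The sample lines are constructed from the entries quoted in the fix script above plus two benign entries (the ccApp Run value and an F:\setup.exe handler under an all-zero placeholder GUID) so the filter has something to let through; the names triage_line, triage and to_otl_fix are the example's own.

```python
"""Triage OTL-format O4 / O33 autorun lines and draft the matching :OTL fix.

Added example (not part of this thread, not OTL's own code). The function
names triage_line, triage and to_otl_fix are the example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the entries the fix script in Step 1 targets, plus two
# benign entries (ccApp, and an F:\setup.exe handler under a placeholder GUID).
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [MRIPEUndo] e:\MRI.exe File not found
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{0302080b-c089-11dd-9bf9-00219be0aa5f}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
O33 - MountPoints2\{0302080b-c089-11dd-9bf9-00219be0aa5f}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\mri.exe -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = F:\setup.exe
"""

# O4 line shape: "O4 - HKLM..\Run: [Name] target (Company)", optional ":64bit:" tag.
O4_RE = re.compile(r'^O4(?::64bit:)? - (?P<key>HK\w+\.\.\\Run): \[(?P<name>[^\]]*)\] (?P<target>.*)$')
# O33 line shape: 'O33 - MountPoints2\<volume>\Shell\<verb>\command - "" = <command>'.
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\(?P<subkey>[^ ]+) - "" = (?P<command>.*)$')
# A payload parked under RECYCLER\<machine SID>\ on a removable drive.
RECYCLER_SID_RE = re.compile(r'(?i)\bRECYCLER\\S-1-5-21-[\d-]+\\')

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    line: str       # the OTL line, verbatim, so it can be pasted under :OTL
    severity: str   # "low" | "medium" | "high"
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for an O4/O33 line worth a second look, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        if m.group("target").endswith("File not found"):
            return Finding(line, "low",
                           f"Run value [{m.group('name')}] points at a missing file (stale entry)")
        return None  # present, attributed binary: nothing to flag from the line alone
    m = O33_RE.match(line)
    if m:
        subkey, cmd = m.group("subkey"), m.group("command")
        if RECYCLER_SID_RE.search(cmd):
            return Finding(line, "high",
                           "autorun handler launches a file hidden under RECYCLER\\<SID>\\ "
                           "on a removable drive (USB autorun malware layout)")
        if cmd.endswith("File not found"):
            return Finding(line, "low", "autorun handler points at a missing file")
        if subkey == "Shell" and cmd == "AutoRun":
            return Finding(line, "medium",
                           "volume's default verb is AutoRun, so opening the drive runs its command")
        return Finding(line, "medium", "autorun handler present; confirm the target before removing")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of an OTL log and keep the hits, in order."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


def to_otl_fix(findings: List[Finding], min_severity: str = "low") -> str:
    """Draft a fix block the way the Step 1 script does: each flagged log line
    pasted verbatim under :OTL is removed by Run Fix. The draft is a starting
    point for the helper's review."""
    floor = SEVERITY_RANK[min_severity]
    chosen = [f.line for f in findings if SEVERITY_RANK[f.severity] >= floor]
    return ":OTL\n" + "\n".join(chosen) + "\n\n:Commands\n[emptytemp]\n[Reboot]\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL_LINES)
    for f in hits:
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
    print()
    print(to_otl_fix(hits))
```

Run on the sample, the two RECYCLER handlers come out as high, the stale O4 values and the missing E:\mri.exe handler as low, and the ccApp line is not flagged at all; `to_otl_fix(hits, min_severity="high")` reduces the draft to just the two RECYCLER lines, which is the part of the Step 1 script that actually matters for the infection.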

#5
lunarnomadd
    Member
  • Topic Starter
  • Member
  • 10 posts
Thanks for your hard work on this, Azarl!

I have included the OTL quick scan, the CKFiles scan, and the WVCheck log; however, Rooter doesn't seem to want to work... it sits reading "please wait..." for hours with no real activity. The available logs are below:

OTL logfile created on: 9/13/2010 7:57:25 PM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Annah\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.50 Gb Total Space | 89.71 Gb Free Space | 31.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.54 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIMON
Current User Name: Annah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/12 13:06:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
PRC - [2010/07/26 08:30:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/04/08 15:45:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/08 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/04/08 15:45:40 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/05/05 08:30:28 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/09/12 13:06:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
MOD - [2009/10/14 17:10:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/10/14 17:10:06 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2007/01/30 02:08:38 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/10/10 14:07:00 | 003,580,712 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2008/07/03 09:43:44 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/09/07 12:25:18 | 000,119,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
SRV:64bit: - [2007/08/29 15:25:14 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AESTSr64.exe -- (AESTFilters)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/08 15:45:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/04/08 15:45:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/04/08 15:45:46 | 000,388,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/04/08 15:45:42 | 003,081,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/04/08 15:45:40 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/04/07 21:31:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/03/20 18:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/09/04 22:41:25 | 000,219,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2010/09/04 22:06:04 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/03/21 15:12:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/04/08 15:46:06 | 000,052,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wpsdrvnt.sys -- (WPS)
DRV:64bit: - [2009/04/08 15:45:56 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2009/04/08 15:45:56 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/04/08 15:45:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2009/04/08 15:45:50 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teefer2.sys -- (Teefer2)
DRV:64bit: - [2008/11/07 16:23:30 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/10/06 13:53:26 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2008/09/25 09:23:08 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/20 13:58:58 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/07/16 07:08:48 | 000,315,440 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/07/11 13:16:50 | 000,015,272 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/07/03 09:43:28 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/07/03 09:43:08 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/05/06 01:35:46 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/05 08:34:04 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/05/05 08:34:04 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/05 08:34:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/05/05 08:30:32 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/05/05 08:30:26 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/09/10 17:50:02 | 000,057,872 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2007/09/07 12:26:06 | 000,392,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/06/20 14:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/02/16 13:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/16 09:42:28 | 000,022,528 | ---- | M] (Christian Diefer) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fanio.sys -- (fanio)
DRV:64bit: - [2007/02/15 18:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2007/01/23 15:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 15:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2006/11/06 21:52:50 | 000,086,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/06 19:13:44 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/11/06 19:13:42 | 000,094,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/12 13:14:50 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100912.005\EX64.SYS -- (NAVEX15)
DRV - [2010/09/12 13:14:50 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100912.005\ENG64.SYS -- (NAVENG)
DRV - [2010/09/04 22:40:29 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/04 22:40:29 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/04/08 15:45:56 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/04/08 15:45:56 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/04/08 15:45:56 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2081006
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2081006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2081006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14986&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/26 08:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/26 08:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/08/21 19:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/06/10 16:14:28 | 000,000,000 | ---D | M]

[2010/08/21 19:10:40 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Extensions
[2010/08/21 19:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annah\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/12 13:15:02 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\extensions
[2010/07/30 09:53:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/05 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\extensions\[email protected]
[2009/06/12 13:09:40 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Mozilla\Sunbird\Profiles\6e9ztz62.default\extensions
[2010/01/25 19:24:11 | 000,001,606 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\amazondotcom.xml
[2009/07/10 17:26:08 | 000,002,257 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\askcom.xml
[2009/01/06 11:07:10 | 000,001,595 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\ebay.xml
[2010/06/26 08:53:28 | 000,002,789 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\world-of-warcraft-armory.xml
[2010/06/28 09:27:49 | 000,002,048 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\wowecon.xml
[2010/06/26 08:54:01 | 000,001,548 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Mozilla\Firefox\Profiles\3sfys25b.default\searchplugins\wowhead.xml
[2010/09/12 13:15:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/09/06 22:10:13 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - Startup: C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([docs] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Annah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Annah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 19:50:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/12 13:05:50 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
[2010/09/06 22:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/06 22:30:46 | 000,000,000 | ---D | C] -- C:\Users\Annah\Pavark
[2010/09/06 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2010/09/06 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/09/06 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2010/09/06 14:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2010/09/06 14:33:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2010/09/06 13:38:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/09/06 02:10:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/09/06 02:10:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/09/05 18:48:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/05 17:40:36 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Roaming\Malwarebytes
[2010/09/05 17:40:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/05 17:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/05 14:15:26 | 000,000,000 | ---D | C] -- C:\Users\Annah\Desktop\Registry
[2010/09/04 22:05:49 | 000,172,080 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/09/04 22:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/09/04 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/28 19:28:12 | 000,000,000 | ---D | C] -- C:\Users\Annah\Desktop\SystemAnalyzer
[2010/08/28 19:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2010/08/26 16:56:03 | 000,000,000 | ---D | C] -- C:\Users\Annah\Desktop\Annah's Folder
[2010/08/18 22:57:51 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Roaming\vlc
[2010/08/18 22:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/06/29 19:45:02 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Local\Deployment
[2010/06/15 21:00:09 | 000,000,000 | ---D | C] -- C:\Users\Annah\AppData\Roaming\foobar2000
[2010/06/15 21:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000

========== Files - Modified Within 90 Days ==========

[2010/09/13 20:03:18 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/13 20:03:18 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/13 20:03:18 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/13 20:01:34 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/13 19:59:22 | 005,242,880 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT
[2010/09/13 19:56:09 | 000,136,101 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/13 19:55:31 | 000,136,101 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/13 19:55:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/13 19:55:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 19:55:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/13 19:55:20 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 19:55:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/13 19:53:34 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/13 19:53:32 | 000,524,288 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/09/13 19:53:32 | 000,065,536 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/09/13 19:53:31 | 006,291,456 | -H-- | M] () -- C:\Users\Annah\AppData\Local\IconCache.db
[2010/09/12 13:06:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
[2010/09/06 22:10:13 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2010/09/06 21:24:56 | 000,000,514 | ---- | M] () -- C:\Windows\win.ini
[2010/09/06 21:19:16 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/09/06 15:25:01 | 000,000,975 | ---- | M] () -- C:\Users\Annah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/06 14:39:44 | 004,198,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/06 10:34:53 | 000,216,576 | ---- | M] () -- C:\Users\Annah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/06 10:30:02 | 000,124,704 | ---- | M] () -- C:\Users\Annah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/05 17:10:55 | 000,000,206 | ---- | M] () -- C:\Windows\SysNative\hwmonitorw.ini
[2010/09/04 22:41:25 | 000,219,184 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WpsHelper.sys
[2010/09/04 22:06:04 | 000,172,080 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/09/04 22:06:04 | 000,010,583 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/09/04 22:06:04 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/04 22:03:46 | 000,002,801 | ---- | M] () -- C:\Windows\unins000.dat
[2010/09/04 22:03:27 | 000,685,849 | ---- | M] () -- C:\Windows\unins000.exe
[2010/08/19 10:01:13 | 000,008,412 | ---- | M] () -- C:\Users\Annah\AppData\Local\d3d9caps64.dat
[2010/08/18 15:45:25 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/08/18 15:41:50 | 000,000,031 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2010/07/06 14:53:39 | 000,000,908 | ---- | M] () -- C:\Users\Annah\Desktop\Music.lnk
[2010/06/29 19:45:49 | 000,000,000 | ---- | M] () -- C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

========== Files Created - No Company Name ==========

[2010/09/12 13:17:56 | 000,293,376 | ---- | C] () -- C:\Users\Annah\Desktop\gmer.exe
[2010/09/06 21:19:13 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/09/06 15:25:00 | 000,000,975 | ---- | C] () -- C:\Users\Annah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/06 13:35:01 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2010/09/06 13:35:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/09/06 13:34:52 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2010/09/06 13:34:38 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2010/09/06 13:34:36 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2010/09/06 13:34:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/09/06 13:34:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2010/09/06 13:34:32 | 003,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls
[2010/09/06 13:34:32 | 003,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls
[2010/09/06 13:34:32 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2010/09/06 13:34:15 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2010/09/06 13:34:13 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2010/09/06 13:34:13 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2010/09/06 13:34:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/09/06 13:33:52 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2010/09/06 13:33:52 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2010/09/06 13:33:38 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2010/09/06 13:33:38 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2010/09/06 02:03:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/09/06 02:03:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2010/09/06 02:03:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2010/09/06 02:03:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2010/09/06 01:47:57 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/09/06 01:47:57 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/09/06 01:47:56 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/09/06 01:47:56 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/09/06 01:47:56 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/09/06 01:47:56 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/09/05 18:39:49 | 000,223,344 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL90SP1_KB973924MSI06B4.txt
[2010/09/05 18:39:48 | 000,012,422 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL90SP1_KB973924UI06B4.txt
[2010/09/05 18:32:36 | 000,523,398 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL80SP1_KB973923MSI012E.txt
[2010/09/05 18:32:35 | 000,011,694 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_ATL80SP1_KB973923UI012E.txt
[2010/09/05 18:11:37 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/09/04 22:05:49 | 000,010,583 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/09/04 22:05:49 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/06/29 19:45:49 | 000,000,000 | ---- | C] () -- C:\Users\Annah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/05/11 10:35:08 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/05/11 10:33:47 | 003,065,652 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_NET_Framework35_x64_MSI5D29.txt
[2010/04/29 19:09:15 | 000,000,792 | ---- | C] () -- C:\Users\Annah\AppData\Local\RAExpertHistory.xml
[2009/11/30 18:35:27 | 000,000,031 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/11/07 15:19:33 | 001,879,620 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_NET_Framework35_x64_MSI4146.txt
[2009/11/07 15:16:36 | 000,400,252 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/11/07 15:16:33 | 000,383,610 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_dotnetfx35install.txt
[2009/11/07 15:16:33 | 000,006,284 | ---- | C] () -- C:\Users\Annah\AppData\Local\uxeventlog.txt
[2009/11/07 15:16:33 | 000,000,002 | ---- | C] () -- C:\Users\Annah\AppData\Local\dd_dotnetfx35error.txt
[2009/10/22 19:32:35 | 000,000,261 | ---- | C] () -- C:\Users\Annah\AppData\Roaming\iPod Access v4 Prefs
[2009/10/22 19:24:51 | 000,000,042 | -H-- | C] () -- C:\Users\Annah\AppData\Roaming\iPodAccessv4_OwnerName
[2009/10/22 19:24:51 | 000,000,042 | -H-- | C] () -- C:\ProgramData\iPodAccessv4_OwnerName
[2009/10/22 19:23:03 | 000,000,011 | -H-- | C] () -- C:\Users\Annah\AppData\Roaming\iPodAccess_Time
[2009/07/27 18:13:50 | 000,008,412 | ---- | C] () -- C:\Users\Annah\AppData\Local\d3d9caps64.dat
[2008/12/04 09:01:27 | 000,713,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/13 02:02:47 | 000,003,725 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/11/13 01:49:22 | 000,000,680 | ---- | C] () -- C:\Users\Annah\AppData\Local\d3d9caps.dat
[2008/11/13 01:15:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/11/12 16:22:49 | 000,216,576 | ---- | C] () -- C:\Users\Annah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/11 20:06:40 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2008/11/11 20:06:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/11/11 19:23:22 | 000,136,101 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/11 19:22:28 | 000,136,101 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/11 18:36:34 | 000,001,834 | ---- | C] () -- C:\Users\Annah\AppData\Roaming\install.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2008/12/21 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\acccore
[2008/11/24 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Acreon
[2009/03/05 00:56:57 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Amazon
[2009/03/17 00:24:01 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\AMPSoft
[2010/02/25 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\AnvSoft
[2010/08/16 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Audacity
[2009/11/15 14:11:28 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/16 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\com.myApp.NetBook.3AC0BB277CD6252F403A34D00E555927230DF2EF.1
[2010/03/21 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\DAEMON Tools Lite
[2009/11/15 16:48:52 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\de.betriebsraum.minitask.MiniTask.59043E270734A37363A375013A0E8B7849399976.1
[2009/11/15 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\de.dasplankton.Contrast-A.5DD45AD90B4BAAE78989E28539AB01CA0764F503.1
[2008/12/04 20:17:40 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\ExportTool
[2009/11/09 20:20:55 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Extensis
[2010/04/14 22:03:06 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Facebook
[2010/08/15 21:44:33 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\foobar2000
[2008/12/21 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\LAIM
[2009/11/08 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Obsidium
[2008/11/13 23:26:02 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\OpenOffice.org
[2010/03/13 21:23:22 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Personal TaskMaster
[2009/11/08 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Proxima Software
[2008/11/12 21:53:15 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\ScummVM
[2009/01/01 12:07:53 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\SPORE
[2010/08/21 19:10:39 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\Thunderbird
[2008/11/11 19:02:27 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\tmp
[2008/11/30 11:32:05 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\uTorrent
[2010/09/13 19:53:33 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DD4DD9B9
< End of report >


CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\annah\desktop\systemanalyzer\antivirus\crack-u.ide
c:\users\annah\downloads\finale 2006\keygen\keygen.exe
c:\users\annah\downloads\typing_of_the_dead_install\crack\todus.exe
scanner sequence 3.AB.11
----- EOF -----


Windows Validation Check
Version: 1.8.8.3
Log Created On: 2034_15-09-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
------------------------------
Last Success Time for Update Detection: 2010-09-15 23:59:29
Last Success Time for Update Download: 2010-09-16 00:20:41
Last Success Time for Update Installation: 2010-09-16 00:24:41


WVCheck's File Dump
-------------------
C:\Users\Annah\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat 8\Preferences\Profiles\RMKOFUAMN99AJ39EKHCCAFOKI3G.kfg
Size: 835 bytes
Matched: *cafo*
------------------------------


WVCheck's Dir Dump
-------------------
WVCheck found no known bad files.


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-------------------
user32.dll - d29fdb5dedbdc1bd882164dc6dc4dd53


-------- End of File, program close at 2040_15-09-2010 --------
  • 0
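The OTL sections above list files and folders in one fixed line layout (timestamp, size, attribute flags, C/M, optional company name, path). A helper that parses that layout and flags the handful of entries worth a manual look saves scrolling through hundreds of lines. The block below is an added example, not part of the thread and not OTL's own code; the sample lines are copied in the OTL format from this log, and the three triage rules (a new folder directly under a user profile, an executable with no company name outside C:\Windows, a hidden/system-attribute user file) are my own heuristics, not anything OTL itself reports. Hits are prompts for checking, not verdicts: gmer.exe is flagged here even though it is the well-known GMER scanner the user had just downloaded.

```python
"""Parse OTL 'Files/Folders' lines and flag entries that deserve a second look.

Added example: the triage rules are the editor's heuristics, not OTL's.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# OTL line layout: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# The "(Company)" part is empty "()" or missing entirely in some sections.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Folders normally found directly under C:\Users\<name>\ (assumed list).
KNOWN_PROFILE_DIRS = {
    "appdata", "application data", "contacts", "desktop", "documents",
    "downloads", "favorites", "links", "music", "pictures", "saved games",
    "searches", "videos",
}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Matches exactly one path component below a user profile (lower-cased input).
PROFILE_ROOT_RE = re.compile(r"^c:\\users\\[^\\]+\\([^\\]+)$")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str        # 'C' = created list, 'M' = modified list
    company: str     # '' when OTL printed "()" or nothing
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_otl_line(line: str):
    """Return an OtlEntry for a file/folder line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def triage(entry: OtlEntry) -> list:
    """Apply the three heuristics; returns the reasons an entry was flagged."""
    reasons = []
    low = entry.path.lower()
    in_windows = low.startswith("c:\\windows\\")
    root = PROFILE_ROOT_RE.match(low)
    if entry.is_dir and root and root.group(1) not in KNOWN_PROFILE_DIRS:
        reasons.append("new folder directly under user profile")
    if (not entry.is_dir and low.endswith(EXEC_EXT)
            and not entry.company and not in_windows):
        reasons.append("executable with no company name outside Windows")
    if (entry.hidden_or_system and not entry.is_dir and not in_windows
            and "ntuser.dat" not in low):   # registry hive is hidden by design
        reasons.append("hidden/system attribute on user file")
    return reasons


def triage_log(text: str) -> dict:
    """Map path -> reasons for every flagged line in an OTL log excerpt."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Constructed sample: lines copied in the OTL format used in this thread.
SAMPLE_LOG = r"""
[2010/09/12 13:05:50 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Annah\Desktop\OTL.exe
[2010/09/06 22:30:46 | 000,000,000 | ---D | C] -- C:\Users\Annah\Pavark
[2010/09/05 17:40:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/12 13:17:56 | 000,293,376 | ---- | C] () -- C:\Users\Annah\Desktop\gmer.exe
[2010/09/13 19:59:22 | 005,242,880 | -HS- | M] () -- C:\Users\Annah\NTUSER.DAT
[2009/10/22 19:24:51 | 000,000,042 | -H-- | C] () -- C:\Users\Annah\AppData\Roaming\iPodAccessv4_OwnerName
[2008/12/21 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\Annah\AppData\Roaming\acccore
"""

if __name__ == "__main__":
    for path, why in triage_log(SAMPLE_LOG).items():
        print(f"{path}: {'; '.join(why)}")
```

Run against the sample it flags the Pavark folder, gmer.exe and the hidden iPodAccess file and stays quiet on OTL.exe, mbam.sys, NTUSER.DAT and the AppData folder. Feed it the whole "Files/Folders" and "LOP Check" sections of a real OTL log the same way; the regex skips the section headers and blank lines on its own.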

#6
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Don't worry about rooter, that happens sometimes

» Step 1 «
Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt.
To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Click To Attach Files button. Click on it.
  • Browse for the attachment file you want to upload, then click on the Open button

++++++++++ oOo +++++++++


» Step 2 «
Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

++++++++++ oOo +++++++++


» Step 3 «
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#7
lunarnomadd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks again for all your hard work! The files are pasted or attached below :)


DDS (Ver_10-03-17.01) - NTFSX64
Run by Annah at 18:02:42.22 on Thu 09/16/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2222 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\OEM02Mon.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Users\Annah\AppData\Local\Apps\2.0\BOXXJ6J8.KHP\57BH4OME.OWO\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Annah\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.ask.com?o=14986&l=dis
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081006
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081006
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre1.6.0_07\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [googletalk] "c:\program files (x86)\google\google talk\googletalk.exe" /autostart
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] "c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE"
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [OEM02Mon.exe] "c:\windows\OEM02Mon.exe"
StartupFolder: c:\users\annah\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~2\java\jre16~2.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files (x86)\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
Trusted Zone: google.com\docs
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun-x64: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun-x64: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NVHotkey] "rundll32.exe" c:\windows\system32\nvHotkey.dll,Start
mRun-x64: [SigmatelSysTrayApp] "%ProgramFiles(x86)%\SigmaTel\C-Major Audio\WDM\sttray64.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - c:\users\annah\appdata\roaming\mozilla\firefox\profiles\3sfys25b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\annah\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-10-6 55024]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AESTSr64.exe [2008-11-13 86016]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files (x86)\symantec\symantec endpoint protection\Rtvscan.exe [2009-4-8 2440120]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-11-11 3580712]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60a.sys [2008-10-6 219136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-4 132656]
S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-11-11 22528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c98e292ce19390;Google Update Service (gupdate1c98e292ce19390);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-2-13 133104]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2008-11-7 40448]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-11-11 18216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 22528]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-9-6 89920]

=============== Created Last 30 ================

2010-09-16 01:27:07 0 d-----w- C:\Rooter$
2010-09-16 00:48:46 0 d-----w- c:\users\annah\appdata\roaming\Webroot
2010-09-16 00:20:41 317952 ----a-w- c:\windows\syswow64\MP4SDECD.DLL
2010-09-16 00:20:41 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 00:20:40 273920 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 00:20:38 975360 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-16 00:20:38 739328 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-09-16 00:20:27 621568 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 00:20:27 502272 ----a-w- c:\windows\syswow64\usp10.dll
2010-09-13 23:50:33 0 d-----w- C:\_OTL
2010-09-07 02:32:34 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-07 02:30:46 0 d-----w- c:\users\annah\Pavark
2010-09-07 02:10:13 0 ---ha-w- C:\ProgramData.LOG2
2010-09-07 02:10:13 0 ---ha-w- C:\ProgramData.LOG1
2010-09-07 01:24:00 0 d-----w- c:\program files (x86)\MSSOAP
2010-09-07 01:24:00 0 d-----w- c:\program files (x86)\common files\MSSoap
2010-09-07 01:23:27 0 d-----w- c:\program files (x86)\Webroot
2010-09-07 01:19:13 164 ----a-w- c:\windows\install.dat
2010-09-06 18:33:08 0 d-----w- c:\windows\syswow64\vi-VN
2010-09-06 18:33:08 0 d-----w- c:\windows\syswow64\eu-ES
2010-09-06 18:33:08 0 d-----w- c:\windows\syswow64\ca-ES
2010-09-06 18:33:08 0 d-----w- c:\windows\system32\eu-ES
2010-09-06 18:33:08 0 d-----w- c:\windows\system32\ca-ES
2010-09-06 18:33:06 0 d-----w- c:\windows\system32\vi-VN
2010-09-06 17:38:56 0 d-----w- c:\windows\system32\EventProviders
2010-09-06 17:34:59 858112 ----a-w- c:\windows\syswow64\kernel32.dll
2010-09-06 17:33:59 89088 ----a-w- c:\windows\system32\regapi.dll
2010-09-06 16:12:42 442368 ----a-w- c:\windows\system32\winhttp.dll
2010-09-06 16:12:42 377344 ----a-w- c:\windows\syswow64\winhttp.dll
2010-09-06 06:10:46 0 d-----w- c:\windows\syswow64\WindowsPowerShell
2010-09-06 06:03:29 18904 ----a-w- c:\windows\syswow64\StructuredQuerySchemaTrivial.bin
2010-09-06 06:03:29 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-09-06 06:03:25 11967524 ----a-w- c:\windows\syswow64\korwbrkr.lex
2010-09-06 06:03:25 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-09-06 05:47:57 2426 ----a-w- c:\windows\syswow64\WsmTxt.xsl
2010-09-06 05:46:54 1927680 ----a-w- c:\windows\system32\gameux.dll
2010-09-06 05:46:54 1696256 ----a-w- c:\windows\syswow64\gameux.dll
2010-09-06 05:46:53 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-09-06 05:46:53 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-09-06 05:46:53 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-09-06 05:46:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-09-06 05:46:01 10626560 ----a-w- c:\windows\syswow64\wmp.dll
2010-09-06 05:46:00 372736 ----a-w- c:\windows\system32\unregmp2.exe
2010-09-06 05:46:00 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2010-09-06 05:45:52 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2010-09-06 05:45:51 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-06 05:43:34 880640 ----a-w- c:\windows\system32\timedate.cpl
2010-09-06 05:43:34 714240 ----a-w- c:\windows\syswow64\timedate.cpl
2010-09-05 22:54:58 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-09-05 22:54:57 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-09-05 22:54:53 620032 ----a-w- c:\windows\system32\drivers\http.sys
2010-09-05 22:54:53 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-09-05 22:54:53 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-09-05 22:48:52 0 d-----w- c:\windows\PCHEALTH
2010-09-05 22:46:13 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-09-05 22:46:13 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-09-05 22:46:13 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-05 22:46:13 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-09-05 22:46:13 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-05 22:46:13 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-09-05 22:46:13 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-09-05 22:46:13 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-09-05 22:46:13 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-09-05 22:46:13 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-05 22:32:12 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-09-05 22:32:11 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-09-05 22:32:11 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-09-05 22:32:08 656896 ----a-w- c:\windows\system32\kerberos.dll
2010-09-05 22:32:07 499712 ----a-w- c:\windows\syswow64\kerberos.dll
2010-09-05 22:31:27 280576 ----a-w- c:\windows\system32\rastls.dll
2010-09-05 22:31:27 243712 ----a-w- c:\windows\syswow64\rastls.dll
2010-09-05 22:29:56 441856 ----a-w- c:\windows\system32\WSDApi.dll
2010-09-05 22:28:11 143360 ----a-w- c:\windows\system32\netiohlp.dll
2010-09-05 22:25:56 2452872 ----a-w- c:\windows\syswow64\ieapfltr.dat
2010-09-05 22:24:52 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-09-05 22:24:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-05 22:23:22 218624 ----a-w- c:\windows\system32\wintrust.dll
2010-09-05 22:23:22 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-09-05 22:22:41 3547136 ----a-w- c:\windows\system32\mf.dll
2010-09-05 22:22:41 2386944 ----a-w- c:\windows\syswow64\WMVCORE.DLL
2010-09-05 22:22:40 2868224 ----a-w- c:\windows\syswow64\mf.dll
2010-09-05 22:22:38 98816 ----a-w- c:\windows\syswow64\mfps.dll
2010-09-05 22:22:38 60416 ----a-w- c:\windows\system32\rrinstaller.exe
2010-09-05 22:22:38 53248 ----a-w- c:\windows\syswow64\rrinstaller.exe
2010-09-05 22:22:38 34304 ----a-w- c:\windows\system32\mfpmp.exe
2010-09-05 22:22:38 24576 ----a-w- c:\windows\syswow64\mfpmp.exe
2010-09-05 22:22:38 194560 ----a-w- c:\windows\system32\mfps.dll
2010-09-05 22:22:37 2048 ----a-w- c:\windows\syswow64\mferror.dll
2010-09-05 22:22:37 2048 ----a-w- c:\windows\system32\mferror.dll
2010-09-05 22:21:09 368128 ----a-w- c:\windows\system32\wmpdxm.dll
2010-09-05 22:21:09 313344 ----a-w- c:\windows\syswow64\wmpdxm.dll
2010-09-05 22:21:08 9216 ----a-w- c:\windows\system32\spwmp.dll
2010-09-05 22:21:07 7680 ----a-w- c:\windows\syswow64\spwmp.dll
2010-09-05 22:21:07 5120 ----a-w- c:\windows\system32\msdxm.ocx
2010-09-05 22:21:07 5120 ----a-w- c:\windows\system32\dxmasf.dll
2010-09-05 22:21:07 4096 ----a-w- c:\windows\syswow64\msdxm.ocx
2010-09-05 22:21:07 4096 ----a-w- c:\windows\syswow64\dxmasf.dll
2010-09-05 22:21:05 43520 ----a-w- c:\windows\syswow64\msdxm.tlb
2010-09-05 22:21:05 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-09-05 22:21:05 18432 ----a-w- c:\windows\syswow64\amcompat.tlb
2010-09-05 22:21:05 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-09-05 22:18:49 343040 ----a-w- c:\windows\system32\schannel.dll
2010-09-05 22:18:49 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-09-05 22:11:37 615936 ----a-w- c:\windows\system32\wlansvc.dll
2010-09-05 22:11:37 353280 ----a-w- c:\windows\system32\wlanmsm.dll
2010-09-05 22:11:37 2608861 ----a-w- c:\windows\system32\wlan.tmf
2010-09-05 22:11:36 97792 ----a-w- c:\windows\system32\wlanhlp.dll
2010-09-05 22:11:36 86528 ----a-w- c:\windows\system32\wlanapi.dll
2010-09-05 22:11:36 68096 ----a-w- c:\windows\syswow64\wlanhlp.dll
2010-09-05 22:11:36 65024 ----a-w- c:\windows\syswow64\wlanapi.dll
2010-09-05 22:11:36 376832 ----a-w- c:\windows\system32\wlansec.dll
2010-09-05 22:11:36 302592 ----a-w- c:\windows\syswow64\wlansec.dll
2010-09-05 22:11:36 293376 ----a-w- c:\windows\syswow64\wlanmsm.dll
2010-09-05 22:11:36 157184 ----a-w- c:\windows\system32\L2SecHC.dll
2010-09-05 22:11:36 127488 ----a-w- c:\windows\syswow64\L2SecHC.dll
2010-09-05 21:40:36 0 d-----w- c:\users\annah\appdata\roaming\Malwarebytes
2010-09-05 21:40:26 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-05 21:40:26 0 d-----w- c:\programdata\Malwarebytes
2010-09-05 02:05:49 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-09-05 02:05:49 172080 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-09-05 02:05:49 10583 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-09-05 02:05:48 0 d-----w- c:\program files\Symantec
2010-09-05 02:04:23 0 d-----w- c:\program files\common files\Symantec Shared
2010-08-28 23:27:59 0 d-----w- c:\programdata\Geek Squad
2010-08-19 02:57:10 0 d-----w- c:\program files (x86)\VideoLAN

==================== Find3M ====================

2010-09-16 22:01:45 136101 ----a-w- c:\programdata\nvModes.dat
2010-09-16 00:27:59 2140 ----a-w- c:\windows\bthservsdp.dat
2010-09-06 18:42:37 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-06 18:42:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-06 18:42:37 143360 ----a-w- c:\windows\inf\infstor.dat
2010-09-06 18:33:00 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-06 18:06:57 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-09-05 02:41:25 219184 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2010-09-05 02:03:46 2801 ----a-w- c:\windows\unins000.dat
2010-09-05 02:03:27 685849 ----a-w- c:\windows\unins000.exe
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-29 16:03:43 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-06-29 15:47:12 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-29 15:46:59 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-29 15:44:16 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-29 15:44:15 3603456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-29 15:43:04 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-29 15:43:04 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-29 15:43:00 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-21 14:05:22 2752000 ----a-w- c:\windows\system32\win32k.sys
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-06 19:02:26 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-10-06 19:02:26 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-06 19:02:26 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-10-06 09:16:32 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:03:06.17 ===============


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1330
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 178):
0x0280B000 \SystemRoot\system32\ntoskrnl.exe
0x02D22000 \SystemRoot\system32\hal.dll
0x0060B000 \SystemRoot\system32\kdcom.dll
0x00615000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00650000 \SystemRoot\system32\PSHED.dll
0x00664000 \SystemRoot\system32\CLFS.SYS
0x006C1000 \SystemRoot\system32\CI.dll
0x0080F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A0C000 \SystemRoot\System32\Drivers\spqy.sys
0x00B32000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B3B000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B69000 \SystemRoot\system32\drivers\acpi.sys
0x00BBF000 \SystemRoot\system32\drivers\msisadrv.sys
0x00BC9000 \SystemRoot\system32\drivers\pci.sys
0x008F7000 \SystemRoot\System32\drivers\partmgr.sys
0x00BF9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00A00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x0090C000 \SystemRoot\system32\drivers\volmgr.sys
0x00920000 \SystemRoot\System32\drivers\volmgrx.sys
0x00986000 \SystemRoot\system32\DRIVERS\intelide.sys
0x0098E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0099E000 \SystemRoot\system32\drivers\pciide.sys
0x009A5000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C0D000 \SystemRoot\system32\drivers\iastor.sys
0x00D27000 \SystemRoot\system32\drivers\atapi.sys
0x00D2F000 \SystemRoot\system32\drivers\ataport.SYS
0x00D53000 \SystemRoot\system32\drivers\fltmgr.sys
0x00D9A000 \SystemRoot\system32\drivers\fileinfo.sys
0x00DAE000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00773000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E01000 \SystemRoot\system32\drivers\ndis.sys
0x01004000 \SystemRoot\system32\drivers\msrpc.sys
0x01054000 \SystemRoot\system32\drivers\NETIO.SYS
0x0120E000 \SystemRoot\System32\drivers\tcpip.sys
0x01384000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0140C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0158C000 \SystemRoot\system32\drivers\volsnap.sys
0x015D0000 \SystemRoot\System32\Drivers\spldr.sys
0x015D8000 \SystemRoot\System32\Drivers\mup.sys
0x013B0000 \SystemRoot\System32\drivers\ecache.sys
0x015EA000 \SystemRoot\system32\drivers\disk.sys
0x010AD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01400000 \SystemRoot\system32\drivers\crcdisk.sys
0x013EA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x013F6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00FC4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02402000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02EFA000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x02EFC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02FDD000 \SystemRoot\System32\drivers\watchdog.sys
0x02FED000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x00DBA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x00FD7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03209000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03404000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x03555000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x0358F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x035A1000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x035B1000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x035D1000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x035E5000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x032F6000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0334D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03363000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x035FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x033B7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x033C3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x033D1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x033ED000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x033FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03200000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03400000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x00FE8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x01200000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x035FE000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x011F3000 \SystemRoot\system32\DRIVERS\serscan.sys
0x02FF9000 \SystemRoot\system32\drivers\ksthunk.sys
0x009B8000 \SystemRoot\system32\drivers\ks.sys
0x0360D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03646000 \SystemRoot\system32\DRIVERS\storport.sys
0x036A3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x036B0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x036D3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x036DF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03710000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03720000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0373E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03756000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03769000 \SystemRoot\system32\DRIVERS\teefer2.sys
0x037A6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x037A8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x037B3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03803000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0384B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03856000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x0385E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03869000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0387D000 \SystemRoot\system32\drivers\stwrt64.sys
0x038E1000 \SystemRoot\system32\drivers\portcls.sys
0x0391C000 \SystemRoot\system32\drivers\drmk.sys
0x0393F000 \SystemRoot\System32\Drivers\SRTSP64.SYS
0x04401000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100915.022\EX64.SYS
0x045BB000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x039B2000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100915.022\ENG64.SYS
0x039D2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04805000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x04847000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x04850000 \SystemRoot\System32\Drivers\tcusb.sys
0x04702000 \SystemRoot\System32\Drivers\SRTSPX64.SYS
0x04716000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04720000 \SystemRoot\System32\Drivers\Null.SYS
0x04729000 \SystemRoot\System32\drivers\vga.sys
0x04737000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0475C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04765000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0476E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04779000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0478A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04793000 \SystemRoot\system32\DRIVERS\tdx.sys
0x047B0000 \??\C:\Windows\system32\drivers\wpsdrvnt.sys
0x0499C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x047C2000 \SystemRoot\system32\DRIVERS\smb.sys
0x04C06000 \SystemRoot\system32\drivers\afd.sys
0x04C71000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04C8F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04C9E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04CB9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04D06000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04D12000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x04D88000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x04DAD000 \SystemRoot\System32\Drivers\dfsc.sys
0x04DCA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x010D9000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x04DD8000 \SystemRoot\System32\drivers\Dxapi.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x047DD000 \SystemRoot\system32\drivers\luafv.sys
0x008A0000 \SystemRoot\System32\ATMFD.DLL
0x08807000 \SystemRoot\system32\drivers\spsys.sys
0x088A1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x088B5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x088E9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x088F4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0890C000 \SystemRoot\system32\drivers\HTTP.sys
0x089AF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x089D8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x049E0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x037C3000 \SystemRoot\system32\drivers\mrxdav.sys
0x09203000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0922C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x09275000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09294000 \SystemRoot\System32\DRIVERS\srv2.sys
0x092C6000 \SystemRoot\System32\DRIVERS\srv.sys
0x09608000 \SystemRoot\system32\drivers\peauth.sys
0x096BE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x096C9000 \??\C:\Windows\system32\drivers\WpsHelper.sys
0x09703000 \SystemRoot\System32\Drivers\fastfat.SYS
0x09738000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09748000 \SystemRoot\system32\drivers\tdtcp.sys
0x09755000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x09763000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x0979F000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x097A8000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x097EA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x097C4000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x04600000 \SystemRoot\System32\Drivers\bthport.sys
0x09371000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x097D2000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x093A2000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x093C1000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x093D3000 \SystemRoot\system32\drivers\modem.sys
0x04862000 \SystemRoot\system32\drivers\btwavdt.sys
0x048CD000 \SystemRoot\system32\drivers\btwaudio.sys
0x097DF000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x093E2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x779D0000 \Windows\System32\ntdll.dll

Processes (total 77):
0 System Idle Process
4 System
552 C:\Windows\System32\smss.exe
640 csrss.exe
692 csrss.exe
700 C:\Windows\System32\wininit.exe
764 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\services.exe
804 C:\Windows\System32\lsass.exe
812 C:\Windows\System32\lsm.exe
964 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\nvvsvc.exe
228 C:\Windows\System32\svchost.exe
648 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\audiodg.exe
1124 C:\Windows\System32\SLsvc.exe
1176 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\nvvsvc.exe
1368 C:\Windows\System32\wisptis.exe
1420 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
1448 C:\Windows\System32\svchost.exe
1596 C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
1604 C:\Windows\System32\wlanext.exe
1736 C:\Windows\System32\WLTRYSVC.EXE
1796 C:\Windows\System32\BCMWLTRY.EXE
1888 C:\Windows\System32\spoolsv.exe
1912 C:\Windows\System32\svchost.exe
236 C:\Windows\System32\AESTSr64.exe
1960 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1996 C:\Windows\System32\svchost.exe
2244 C:\Windows\SysWOW64\svchost.exe
2432 C:\Windows\System32\svchost.exe
2484 C:\Windows\System32\stacsv64.exe
2608 C:\Windows\System32\svchost.exe
2672 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
2788 C:\Windows\System32\Wacom_Tablet.exe
2820 C:\Windows\System32\svchost.exe
2848 C:\Windows\System32\SearchIndexer.exe
2560 C:\Windows\System32\taskeng.exe
3704 C:\Windows\System32\svchost.exe
4088 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
3924 C:\Windows\System32\taskeng.exe
3992 C:\Windows\System32\wisptis.exe
2776 C:\Windows\System32\dwm.exe
3164 C:\Windows\explorer.exe
3116 C:\Windows\System32\WTablet\Wacom_TabletUser.exe
2424 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
892 C:\Windows\System32\Wacom_Tablet.exe
2300 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3384 C:\Windows\System32\rundll32.exe
1096 C:\Program Files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
1668 C:\Windows\ehome\ehtray.exe
2700 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3136 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
3580 C:\Windows\ehome\ehmsas.exe
808 C:\Program Files (x86)\Google\Google Talk\googletalk.exe
416 C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
684 C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
3756 C:\Windows\OEM02Mon.exe
4356 C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
5100 C:\Users\Annah\AppData\Local\Apps\2.0\BOXXJ6J8.KHP\57BH4OME.OWO\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
3220 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
1172 C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
4624 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6360 C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE
5796 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
5720 taskeng.exe
2444 taskeng.exe
2148 WmiPrvSE.exe
1144 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
6004 C:\Windows\System32\SearchProtocolHost.exe
1220 C:\Windows\System32\VSSVC.exe
2212 C:\Windows\System32\svchost.exe
6480 C:\Windows\System32\SearchFilterHost.exe
3864 C:\Users\Annah\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`85f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`05f00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

Size       Device Name          MBR Status
--------------------------------------------
298 GB     \\.\PhysicalDrive0   Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


2010/09/16 18:07:05.0807 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 18:07:05.0807 ================================================================================
2010/09/16 18:07:05.0807 SystemInfo:
2010/09/16 18:07:05.0807
2010/09/16 18:07:05.0807 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/16 18:07:05.0807 Product type: Workstation
2010/09/16 18:07:05.0807 ComputerName: SIMON
2010/09/16 18:07:05.0807 UserName: Annah
2010/09/16 18:07:05.0807 Windows directory: C:\Windows
2010/09/16 18:07:05.0807 System windows directory: C:\Windows
2010/09/16 18:07:05.0807 Running under WOW64
2010/09/16 18:07:05.0807 Processor architecture: Intel x64
2010/09/16 18:07:05.0807 Number of processors: 2
2010/09/16 18:07:05.0807 Page size: 0x1000
2010/09/16 18:07:05.0807 Boot type: Normal boot
2010/09/16 18:07:05.0807 ================================================================================
2010/09/16 18:07:05.0807 Utility is running under WOW64
2010/09/16 18:07:06.0150 Initialize success
2010/09/16 18:07:09.0114 ================================================================================
2010/09/16 18:07:09.0114 Scan started
2010/09/16 18:07:09.0114 Mode: Manual;
2010/09/16 18:07:09.0114 ================================================================================
2010/09/16 18:07:09.0629 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/09/16 18:07:09.0769 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/09/16 18:07:09.0831 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/09/16 18:07:09.0847 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/09/16 18:07:09.0878 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/09/16 18:07:10.0019 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/09/16 18:07:10.0065 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/09/16 18:07:10.0143 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/09/16 18:07:10.0190 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
2010/09/16 18:07:10.0221 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/09/16 18:07:10.0268 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/09/16 18:07:10.0409 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/09/16 18:07:10.0455 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/09/16 18:07:10.0549 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/16 18:07:10.0596 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/09/16 18:07:10.0721 b57nd60a (635868361f9878ea65ab417628f834ef) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/09/16 18:07:10.0783 BCM42RLY (a0cedcc19b4aa90d40eb18dc55b7c96a) C:\Windows\system32\drivers\BCM42RLY.sys
2010/09/16 18:07:10.0908 BCM43XX (b76505d76984d935214e118753bdb2cb) C:\Windows\system32\DRIVERS\bcmwl664.sys
2010/09/16 18:07:11.0079 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/09/16 18:07:11.0189 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/16 18:07:11.0235 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/16 18:07:11.0267 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/09/16 18:07:11.0360 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/09/16 18:07:11.0391 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/09/16 18:07:11.0407 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/16 18:07:11.0423 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/09/16 18:07:11.0501 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/16 18:07:11.0547 BTHMODEM (72f70a38bb15252eb7c4da7ba3bd4ed1) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/16 18:07:11.0641 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/16 18:07:11.0719 BTHPORT (2ff122eeb3a712feda238fb331f738b9) C:\Windows\system32\Drivers\BTHport.sys
2010/09/16 18:07:11.0844 BTHUSB (2b668e7c1616c0e931714272934c678b) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/16 18:07:11.0906 btwaudio (3f9e2fa99c1604ba4d099116c49d2be9) C:\Windows\system32\drivers\btwaudio.sys
2010/09/16 18:07:12.0000 btwavdt (5cff0f47e1372445f7d6cda161ca8269) C:\Windows\system32\drivers\btwavdt.sys
2010/09/16 18:07:12.0015 btwrchid (65864e5020e608bfba6729c11e4ee9e9) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/09/16 18:07:12.0078 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/16 18:07:12.0156 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/16 18:07:12.0203 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2010/09/16 18:07:12.0312 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/09/16 18:07:12.0499 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/16 18:07:12.0546 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/09/16 18:07:12.0577 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/16 18:07:12.0593 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/09/16 18:07:12.0702 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/09/16 18:07:12.0764 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/09/16 18:07:12.0858 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
2010/09/16 18:07:12.0873 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/09/16 18:07:12.0920 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/09/16 18:07:12.0967 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/09/16 18:07:13.0045 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/16 18:07:13.0123 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
2010/09/16 18:07:13.0170 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/09/16 18:07:13.0248 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/09/16 18:07:13.0419 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2010/09/16 18:07:13.0544 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/09/16 18:07:13.0716 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/16 18:07:13.0841 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/09/16 18:07:14.0043 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/09/16 18:07:14.0137 fanio (e80421eaf15298955eadb850293fd6b1) C:\Windows\system32\drivers\fanio.sys
2010/09/16 18:07:14.0215 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/09/16 18:07:14.0262 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/16 18:07:14.0277 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/09/16 18:07:14.0309 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/09/16 18:07:14.0324 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/16 18:07:14.0371 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/09/16 18:07:14.0402 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/16 18:07:14.0433 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/16 18:07:14.0480 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/16 18:07:14.0574 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2010/09/16 18:07:14.0652 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/16 18:07:14.0699 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/09/16 18:07:14.0730 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2010/09/16 18:07:14.0792 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/16 18:07:14.0839 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/09/16 18:07:14.0933 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/09/16 18:07:14.0995 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/09/16 18:07:15.0026 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/16 18:07:15.0073 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\drivers\iastor.sys
2010/09/16 18:07:15.0120 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/09/16 18:07:15.0151 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/09/16 18:07:15.0198 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/16 18:07:15.0245 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/16 18:07:15.0291 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/16 18:07:15.0354 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/16 18:07:15.0385 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/16 18:07:15.0416 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/09/16 18:07:15.0463 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/09/16 18:07:15.0525 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/16 18:07:15.0572 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/09/16 18:07:15.0603 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/09/16 18:07:15.0619 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/16 18:07:15.0681 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/16 18:07:15.0744 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/16 18:07:15.0791 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/09/16 18:07:15.0869 LHidFilt (2ab5199d61f6c2bbdcaf21acb9276845) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/09/16 18:07:15.0978 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/16 18:07:16.0009 LMouFilt (ed2fd8bbd73478cce7c707fb8103cb56) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/09/16 18:07:16.0040 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/09/16 18:07:16.0071 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/09/16 18:07:16.0103 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/09/16 18:07:16.0118 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/09/16 18:07:16.0165 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/09/16 18:07:16.0212 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/09/16 18:07:16.0259 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/09/16 18:07:16.0305 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/16 18:07:16.0352 motmodem (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motmodem.sys
2010/09/16 18:07:16.0383 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/16 18:07:16.0415 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/16 18:07:16.0430 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/09/16 18:07:16.0477 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/09/16 18:07:16.0508 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/16 18:07:16.0539 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/09/16 18:07:16.0586 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/09/16 18:07:16.0633 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/16 18:07:16.0664 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/16 18:07:16.0711 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/16 18:07:16.0773 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
2010/09/16 18:07:16.0805 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/09/16 18:07:16.0883 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/09/16 18:07:16.0914 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/09/16 18:07:16.0992 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/16 18:07:17.0054 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/16 18:07:17.0085 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/09/16 18:07:17.0132 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/09/16 18:07:17.0163 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/16 18:07:17.0179 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/09/16 18:07:17.0210 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/09/16 18:07:17.0288 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/16 18:07:17.0413 NAVENG (a507b7d1c5f957a1aab98794eb377654) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100915.022\ENG64.SYS
2010/09/16 18:07:17.0491 NAVEX15 (0d7d6c0fd46f12780c3bab6af891ede3) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100915.022\EX64.SYS
2010/09/16 18:07:17.0663 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/09/16 18:07:17.0756 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/16 18:07:17.0819 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/16 18:07:17.0897 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/16 18:07:17.0912 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/09/16 18:07:17.0990 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/16 18:07:18.0037 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/16 18:07:18.0084 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/09/16 18:07:18.0146 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/09/16 18:07:18.0193 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/16 18:07:18.0287 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/09/16 18:07:18.0333 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/09/16 18:07:18.0630 nvlddmkm (1ddbd3ea0967f135086aad9e4aed9af1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/09/16 18:07:18.0817 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/09/16 18:07:18.0848 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/09/16 18:07:18.0864 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/09/16 18:07:18.0942 OEM02Dev (44a9473d72983dd484b4f1bf0d946571) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2010/09/16 18:07:18.0973 OEM02Vfx (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2010/09/16 18:07:19.0020 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/16 18:07:19.0082 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/09/16 18:07:19.0113 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/09/16 18:07:19.0160 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/09/16 18:07:19.0176 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2010/09/16 18:07:19.0207 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/09/16 18:07:19.0254 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/09/16 18:07:19.0379 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/16 18:07:19.0410 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2010/09/16 18:07:19.0472 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/16 18:07:19.0503 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/09/16 18:07:19.0566 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/09/16 18:07:19.0628 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/09/16 18:07:19.0659 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/16 18:07:19.0753 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/09/16 18:07:19.0831 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/16 18:07:19.0909 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/16 18:07:19.0971 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/16 18:07:20.0018 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/16 18:07:20.0065 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/16 18:07:20.0096 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/16 18:07:20.0127 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/09/16 18:07:20.0143 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/16 18:07:20.0174 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/09/16 18:07:20.0252 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/16 18:07:20.0315 rimmptsk (e31960692cbb3a8bcdf300bc1d889e1f) C:\Windows\system32\DRIVERS\rimmpx64.sys
2010/09/16 18:07:20.0346 rimsptsk (82356915157ab59064a24993ae5be8aa) C:\Windows\system32\DRIVERS\rimspx64.sys
2010/09/16 18:07:20.0361 rismxdp (c01a92a546854a3e34103b642f0f94a1) C:\Windows\system32\DRIVERS\rixdpx64.sys
2010/09/16 18:07:20.0424 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/16 18:07:20.0455 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/09/16 18:07:20.0517 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/16 18:07:20.0549 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/09/16 18:07:20.0580 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2010/09/16 18:07:20.0611 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2010/09/16 18:07:20.0642 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/09/16 18:07:20.0705 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/16 18:07:20.0736 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/16 18:07:20.0751 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/16 18:07:20.0783 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/09/16 18:07:20.0814 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/09/16 18:07:20.0845 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/09/16 18:07:20.0907 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/09/16 18:07:20.0985 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/09/16 18:07:21.0079 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/09/16 18:07:21.0079 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/09/16 18:07:21.0095 sptd - detected Locked file (1)
2010/09/16 18:07:21.0126 SRTSP (569f8d9768a00ab9a5166997c88efe42) C:\Windows\system32\Drivers\SRTSP64.SYS
2010/09/16 18:07:21.0188 SRTSPL (fb283ae148cc4c5a4954daefbb9dfff0) C:\Windows\system32\Drivers\SRTSPL64.SYS
2010/09/16 18:07:21.0251 SRTSPX (c9eca0a26cebade5134ba01fd8ef86a6) C:\Windows\system32\Drivers\SRTSPX64.SYS
2010/09/16 18:07:21.0313 srv (cb5bd298e62aed1b4af3cc44811a30a5) C:\Windows\system32\DRIVERS\srv.sys
2010/09/16 18:07:21.0375 srv2 (26cd9130775c59439b77ece2f6df9c4c) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/16 18:07:21.0438 srvnet (54f34ef396760ec51abf85e12cc72acf) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/16 18:07:21.0500 STHDA (5467347266cf34c157341670e8d64e7f) C:\Windows\system32\drivers\stwrt64.sys
2010/09/16 18:07:21.0563 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
2010/09/16 18:07:21.0609 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/16 18:07:21.0641 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/09/16 18:07:21.0719 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2010/09/16 18:07:21.0750 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/09/16 18:07:21.0781 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/09/16 18:07:21.0828 SynTP (b2a7d0790246e6fcdbdd256c4fcc4975) C:\Windows\system32\DRIVERS\SynTP.sys
2010/09/16 18:07:21.0921 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/09/16 18:07:21.0999 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/16 18:07:22.0062 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/16 18:07:22.0093 TcUsb (c050f120451b08fbf79588f66bf51ccd) C:\Windows\system32\Drivers\tcusb.sys
2010/09/16 18:07:22.0124 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/09/16 18:07:22.0155 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/09/16 18:07:22.0187 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/16 18:07:22.0233 Teefer2 (2972339537c65766fadc48a476465acd) C:\Windows\system32\DRIVERS\teefer2.sys
2010/09/16 18:07:22.0280 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/16 18:07:22.0327 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/16 18:07:22.0374 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/09/16 18:07:22.0421 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/16 18:07:22.0436 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/09/16 18:07:22.0483 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/16 18:07:22.0530 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/09/16 18:07:22.0561 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/09/16 18:07:22.0592 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/09/16 18:07:22.0623 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/09/16 18:07:22.0670 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/16 18:07:22.0717 USBAAPL64 (e1da5e7233ca28371506f112b6dc16e2) C:\Windows\system32\Drivers\usbaapl64.sys
2010/09/16 18:07:22.0764 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2010/09/16 18:07:22.0826 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/16 18:07:22.0857 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/09/16 18:07:22.0904 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/16 18:07:22.0951 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/16 18:07:22.0982 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/09/16 18:07:23.0013 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/16 18:07:23.0060 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2010/09/16 18:07:23.0091 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/16 18:07:23.0169 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/16 18:07:23.0216 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/16 18:07:23.0279 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/09/16 18:07:23.0310 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/09/16 18:07:23.0357 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/09/16 18:07:23.0419 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/09/16 18:07:23.0481 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/09/16 18:07:23.0513 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/09/16 18:07:23.0606 wacmoumonitor (f39fc224758290a3193c68c091e6f11a) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2010/09/16 18:07:23.0700 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2010/09/16 18:07:23.0731 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/09/16 18:07:23.0778 wacomvhid (bb9d431c8d025ba13e60adddcff04f1a) C:\Windows\system32\DRIVERS\wacomvhid.sys
2010/09/16 18:07:23.0793 WacomVKHid (8b4255329edfba3ecfbd0714476fad38) C:\Windows\system32\DRIVERS\WacomVKHid.sys
2010/09/16 18:07:23.0840 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/16 18:07:23.0871 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/16 18:07:23.0903 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/09/16 18:07:23.0965 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/16 18:07:24.0059 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/16 18:07:24.0137 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/09/16 18:07:24.0183 WPS (f830405dc28b458b7e03e55bf5822d28) C:\Windows\system32\drivers\wpsdrvnt.sys
2010/09/16 18:07:24.0215 WpsHelper (fefa63f9fcf84ec5c9c4f80ce902ea60) C:\Windows\system32\drivers\WpsHelper.sys
2010/09/16 18:07:24.0246 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/16 18:07:24.0277 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/09/16 18:07:24.0355 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/16 18:07:24.0417 ================================================================================
2010/09/16 18:07:24.0417 Scan finished
2010/09/16 18:07:24.0417 ================================================================================
2010/09/16 18:07:24.0433 Detected object count: 1
2010/09/16 18:07:48.0239 Locked file(sptd) - User select action: Skip

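A triage helper for the TDSSKiller log format posted above, added here as an example; it is not part of the thread and not code from TDSSKiller or its author. It joins the inventory line (service, MD5, path), the "Suspicious file" line, the "detected" verdict and the operator's chosen action into one summary, flags drivers loaded from outside the Windows directory for a second look, and lists detections that were skipped (as sptd was here); the sample log is constructed from the shape of the real one and the `system_root` default is an assumption.

```python
import re

# Constructed sample in the shape of the TDSSKiller log above (not the thread's full log).
SAMPLE_LOG = r"""
2010/09/16 18:07:09.0114 Scan started
2010/09/16 18:07:09.0629 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/09/16 18:07:13.0419 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2010/09/16 18:07:21.0079 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/09/16 18:07:21.0079 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/09/16 18:07:21.0095 sptd - detected Locked file (1)
2010/09/16 18:07:21.0921 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/09/16 18:07:21.0999 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/16 18:07:24.0417 Scan finished
2010/09/16 18:07:24.0433 Detected object count: 1
2010/09/16 18:07:48.0239 Locked file(sptd) - User select action: Skip
"""

# Every log line starts with "YYYY/MM/DD HH:MM:SS.mmmm ".
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
# Inventory line: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Flagged file: "Suspicious file (<reason>): <path>. md5: <md5>" (carries no service name)
SUSPECT_RE = re.compile(TS + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
# Verdict: "<service> - detected <what> (<n>)"
DETECT_RE = re.compile(TS + r"(?P<name>\S+) - detected (?P<what>.+?) \(\d+\)$")
# Choice the operator made in the tool's dialog: "Locked file(<service>) - User select action: <action>"
ACTION_RE = re.compile(TS + r"Locked file\((?P<name>\S+)\) - User select action: (?P<action>\S+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")


def parse_tdsskiller_log(text, system_root=r"C:\Windows"):
    """Build a triage summary from TDSSKiller log text (system_root default is an assumption)."""
    drivers = {}      # service name -> {"md5", "path"}
    suspicious = {}   # md5 -> reason; joined to the service through the inventory line's md5
    detected = {}     # service name -> what the tool detected
    actions = {}      # service name -> action the operator chose
    reported_count = None
    root = system_root.lower().rstrip("\\") + "\\"

    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            drivers[m["name"]] = {"md5": m["md5"], "path": m["path"]}
        elif m := SUSPECT_RE.match(line):
            suspicious[m["md5"]] = m["reason"]
        elif m := DETECT_RE.match(line):
            detected[m["name"]] = m["what"]
        elif m := ACTION_RE.match(line):
            actions[m["name"]] = m["action"]
        elif m := COUNT_RE.match(line):
            reported_count = int(m["n"])

    detections = []
    for name, what in detected.items():
        info = drivers.get(name, {})
        detections.append({
            "name": name,
            "detection": what,
            "path": info.get("path"),
            "md5": info.get("md5"),
            "reason": suspicious.get(info.get("md5")),
            "user_action": actions.get(name, "none"),
        })

    # Drivers loaded from outside the Windows directory are not wrong by themselves
    # (security suites install there too), but they are the ones worth a second look.
    outside_root = [n for n, d in drivers.items() if not d["path"].lower().startswith(root)]

    return {
        "driver_count": len(drivers),
        "detections": detections,
        "outside_system_root": outside_root,
        "reported_count": reported_count,
        # A mismatch means the log is truncated or the tool's summary disagrees with its own lines.
        "count_matches": reported_count == len(detections),
    }


def needs_followup(report):
    """Names of detected objects the operator skipped, i.e. still unresolved after the run."""
    return [d["name"] for d in report["detections"] if d["user_action"] == "Skip"]


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    for d in report["detections"]:
        print(f"{d['name']}: {d['detection']} ({d['reason']}) at {d['path']} -> operator chose {d['user_action']}")
    print("outside system root:", report["outside_system_root"])
    print("needs follow-up:", needs_followup(report))
```

A locked sptd.sys is usually the SCSI pass-through driver installed by disc-emulation software rather than the rootkit TDSSKiller is looking for, which is why a skipped entry is reported for a human decision rather than treated as malicious.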

#8 azarl (GeekU Admin, Community Leader, 25,310 posts)

Looking OK so far.

» Step 1 «
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes 
    
    :Services
    
    :OTL
    O4 - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] File not found
    
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the log it produces in your next reply.

» Step 2 «
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

» Step 3 «
Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

Upgrading Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586-p.exe and select "Run as an Administrator.")
Running Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Diallers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

#9 lunarnomadd (Member, Topic Starter, 10 posts)
Hey Azarl, here are the scan results :)

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SigmatelSysTrayApp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Annah
->Temp folder emptied: 74257 bytes
->Temporary Internet Files folder emptied: 305997 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50107657 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 779 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sarah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39909 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 175377 bytes

Total Files Cleaned = 48.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.12.0 log created on 09182010_133407

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4646

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/18/2010 1:47:29 PM
mbam-log-2010-09-18 (13-47-29).txt

Scan type: Quick scan
Objects scanned: 152875
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 18, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, September 18, 2010 13:32:12
Records in database: 4220602
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 272434
Threats found: 1
Infected objects found: 0
Suspicious objects found: 1
Scan duration: 04:00:15


File name / Threat / Threats count
C:\Users\Annah\AppData\Roaming\Thunderbird\Profiles\8bfe9wxz.default\ImapMail\imap.gmail.com\INBOX Suspicious: Trojan-Spy.HTML.Fraud.gen 1

Selected area has been scanned.

Thanks again so much!
#10 azarl (GeekU Admin, Community Leader, 25,310 posts)
It's a mail item in your inbox - it's only a threat if you open it. We'll try BitDefender; that should clean it.

Please run a BitDefender Online Scan
Vista or Windows 7
  • Right-click on Internet Explorer and select Run as Administrator
  • Navigate to http://www.bitdefend...nline/free.html - you must copy and paste this link into the IE window you just opened, clicking on it won't work

  • Click the green Start Scanner button
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

#11 lunarnomadd (Member, Topic Starter, 10 posts)
Hey Azarl, thanks for your continued help. Here is the result of the BitDefender:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Sep 19, 2010 - 13:15:47

Scan Info
Scanned Files
766465
Infected Files
0
Virus Detected
No virus found.
This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.
#12 azarl (GeekU Admin, Community Leader, 25,310 posts)
Hi lunarnomadd

One of the emails in your Thunderbird inbox appears to have this trojan. Neither Kaspersky nor BitDefender seems to be able to remove it. I can only suggest you transfer some of your emails at a time to a different email folder and rescan. This way you can track it down and delete it. It will almost certainly have an attachment.
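Added example (not part of the thread, and not Thunderbird's, Kaspersky's or the forum's own tooling): a Python script that does what azarl describes above, but mechanically. Thunderbird keeps each IMAP folder as a single mbox file (the INBOX path in the Kaspersky report above), which is why the scanner can only name the whole file rather than one message. The script splits the mbox into one .eml file per message, so rescanning the output folder names the exact message, and it applies its own triage rule to every text/html part, whether inline body or attachment: a form with a password field, or a form posting to a raw IP address. That rule is this example's assumption, not Kaspersky's signature for Trojan-Spy.HTML.Fraud.gen (its generic verdict for HTML phishing content), and the three sample messages, their senders and addresses are constructed for the demonstration.

```python
import email.policy
import mailbox
import os
import re
import tempfile
from html.parser import HTMLParser

# Constructed Thunderbird-style mbox (not the poster's real INBOX): clean text, inline HTML form, attached HTML form.
SAMPLE_MBOX = """From - Sat Sep 18 13:00:00 2010
From: friend@example.org
Subject: lunch
Content-Type: text/plain; charset=us-ascii

See you at noon.

From - Sat Sep 18 13:05:00 2010
From: "Account Services" <security@bank-example.test>
Subject: Your account has been limited
Content-Type: text/html; charset=us-ascii

<html><body><form method="post" action="http://203.0.113.7/verify.php">
<input name="user"><input type="password" name="pass"></form></body></html>

From - Sat Sep 18 13:10:00 2010
From: billing@shop-example.test
Subject: Invoice attached
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset=us-ascii
Content-Disposition: attachment; filename="Invoice.html"

<html><body><form action="http://198.51.100.9/login"><input type="password" name="pw"></form></body></html>

--XYZ--
"""

RAW_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")


class _FormParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self.open_form = [], None   # every <form> seen; the one being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.open_form = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self.open_form)
        elif tag == "input" and self.open_form and (attrs.get("type") or "").lower() == "password":
            self.open_form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.open_form = None


def html_forms(html):
    p = _FormParser()
    p.feed(html)
    p.close()
    return p.forms


def analyse_message(msg):
    """Triage one message: attachments plus credential forms in any text/html part (this example's rule)."""
    forms = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        try:
            forms.extend(html_forms(part.get_content()))
        except LookupError:          # unknown charset: skip the part, keep going
            continue
    return {
        "subject": str(msg.get("Subject", "")),
        "attachments": [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()],
        "forms": forms,
        "suspicious": any(f["has_password"] or RAW_IP_URL.match(f["action"]) for f in forms),
    }


def triage_mbox(mbox_path, out_dir):
    """Split an mbox into one .eml per message (so a scanner can name the culprit); close Thunderbird first."""
    os.makedirs(out_dir, exist_ok=True)
    parse = lambda fp: email.message_from_binary_file(fp, policy=email.policy.default)
    box = mailbox.mbox(mbox_path, factory=parse, create=False)
    findings = []
    try:
        for index, msg in enumerate(box, start=1):
            eml = os.path.join(out_dir, f"{index:04d}.eml")
            with open(eml, "wb") as fh:
                fh.write(msg.as_bytes())
            findings.append(dict(analyse_message(msg), eml=eml))
    finally:
        box.close()
    return findings


def run_sample():
    # Write the constructed mbox to a temp dir and triage it; returns one finding per message.
    inbox = os.path.join(tempfile.mkdtemp(), "INBOX")
    with open(inbox, "w") as fh:
        fh.write(SAMPLE_MBOX)
    return triage_mbox(inbox, inbox + "_split")
```

Run it against a copy of the INBOX file with Thunderbird closed (`triage_mbox(r"...\ImapMail\imap.gmail.com\INBOX", "out_dir")`), point the scanner at the output folder, and delete the message whose .eml is flagged from inside Thunderbird. One caveat the thread does not mention: Thunderbird only marks a deleted message in the mbox (via its X-Mozilla-Status header) until the folder is compacted, so the bytes, and the detection, stay in the INBOX file until you compact the folder or remove the local file and let IMAP resync. That matches the clean Kaspersky result the poster got only after removing the client.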

#13 lunarnomadd (Member, Topic Starter, 10 posts)
Thanks so much for your hard work, Azarl.

So, question. If this is in an email, does that mean that while the computer is infected, the virus isn't actually active? It is just sitting in an email attachment somewhere, and a deletion of the email would rid the infection?
#14 azarl (GeekU Admin, Community Leader, 25,310 posts)

Thanks so much for your hard work, Azarl.

So, question. If this is in an email, does that mean that while the computer is infected, the virus isn't actually active? It is just sitting in an email attachment somewhere, and a deletion of the email would rid the infection?


Your computer is not actually infected; the trojan is dormant. Remove the email and the threat is gone.
#15 lunarnomadd (Member, Topic Starter, 10 posts)
Hi Azarl,
I'm sorry to bump this thread, but here's what occurred. I deleted the contents of the inbox on the computer and removed the email client. I reran Kaspersky and it showed no further infection, so it looks like I successfully removed the trojan that it had found.
However, I then reran the Best Buy system analyzer that they kept on my machine and it still found the Trojan-phisher-snifula (I've attached the results of that scan in HTML format). I also ran Spy Sweeper (now called Webroot Antivirus with Spy Sweeper) and it also still picks up the Trojan-phisher-snifula. It lists the path of the virus as:

Trojan-phisher-snifula
HKU\S-1-5-21-3494594848-3579487786-3683612834-1000\software\microsoft\inetdata

It doesn't give a printable report, or I would post that as well. Either way, it looks like I'm still infected with the trojan that was initially detected, but it has eluded all of the scans we've done so far.



P.S. The reason that I'm posting the Best Buy scan reports is that my goal is to take this computer in for warranty servicing on an overheating GPU. The problem is, as soon as they see the virus, they refuse to look at anything else on the machine. So, I'm trying to get this trojan off the machine, even though it's likely unrelated, just so they'll respect my warranty.