Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Vista Recovery Trojan


  • Please log in to reply

#1
opihi

opihi

    New Member

  • Member
  • Pip
  • 7 posts
Hi, somehow I have gotten another virus. A scan started and said I was infected. The title was "Windows Vista Recovery". Also all my files are missing or hidden, all I have is internet explorer on my desktop. I have no earlier restore points. I'm currently in safe mode.

I have ran OTL and malwarebytes on the computer. These are my logs. I would greatly appreciate any help.


OTL LOG:

OTL logfile created on: 5/24/2011 9:58:10 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = F:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 71.79% Memory free
7.98 Gb Paging File | 6.82 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 155.60 Gb Free Space | 54.48% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
Drive F: | 14.92 Gb Total Space | 12.74 Gb Free Space | 85.38% Space Free | Partition Type: FAT32
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 21:49:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\OTL.scr
PRC - [2011/05/24 21:47:32 | 000,746,899 | ---- | M] (maliprog @ Geekstogo) -- F:\explorer.exe
PRC - [2011/03/09 22:49:22 | 000,350,064 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe
PRC - [2010/02/02 22:35:08 | 001,009,032 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\CLTLMH.EXE
PRC - [2009/08/21 20:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/04/22 19:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 19:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/09/23 09:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/01/20 16:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2006/11/01 23:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\attrib.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 21:49:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\OTL.scr
MOD - [2010/08/31 05:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/09/11 01:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 05:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 14:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 16:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 10:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/21 20:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2009/04/22 19:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 19:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/29 18:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/23 09:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2006/12/15 04:01:00 | 000,126,464 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/02 22:35:08 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/09/30 14:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/21 20:37:16 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/08/21 20:37:16 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2009/08/21 20:37:16 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/21 20:37:16 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/08/21 20:37:16 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/08/21 20:37:16 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/08/21 20:37:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/19 23:36:14 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/18 08:59:44 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/03/06 06:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/03 22:19:04 | 001,522,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/19 15:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/11 01:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/04 07:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/07/14 22:20:42 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/19 15:37:42 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 10:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 10:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 13:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 16:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 16:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 14:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 15:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 11:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/04/11 01:27:24 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\ex64.sys -- (NAVEX15)
DRV - [2010/04/11 01:27:24 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100411.005\eng64.sys -- (NAVENG)
DRV - [2009/10/28 12:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/08/25 22:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/09/26 00:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...m/home?AF=15627
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=15627"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.1.16460
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {BCF767FF-5800-4997-93F9-64A503F57ADB}:1.9.1
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/18 13:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/18 20:26:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 16:30:10 | 000,000,000 | ---D | M]

[2009/04/25 11:33:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/05/19 12:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\extensions
[2011/05/19 13:04:03 | 000,000,000 | -H-D | M] (Babylon) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\extensions\[email protected]
[2011/05/19 13:04:03 | 000,000,000 | -H-D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\extensions\[email protected]
[2011/05/19 13:04:04 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\extensions\[email protected]
[2011/05/19 11:38:30 | 000,002,569 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\searchplugins\askcom.xml
[2011/05/24 12:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/24 12:16:33 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2011/05/19 11:46:36 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\OWNER\APPDATA\LOCAL\{BCF767FF-5800-4997-93F9-64A503F57ADB}
[2010/11/11 19:14:03 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2006/09/18 11:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPSON Stylus CX4800 Series] File not found
O4 - HKCU..\Run: [Erogokowucaf] C:\Users\Owner\AppData\Local\vd181010.dll (CyberLink Corp.)
O4 - HKCU..\Run: [ieswqMPFEaliD] C:\ProgramData\ieswqMPFEaliD.exe (QNP)
O4 - HKCU..\Run: [Lmodacosuw] C:\Users\Owner\AppData\Local\udasiqaquz.dll (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 02:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{eaff844e-86a3-11e0-8d1c-00238b859685}\Shell - "" = AutoRun
O33 - MountPoints2\{eaff844e-86a3-11e0-8d1c-00238b859685}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/22 21:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 11:53:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011/05/19 11:46:36 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Local\{BCF767FF-5800-4997-93F9-64A503F57ADB}
[2011/05/19 11:44:06 | 000,431,104 | -H-- | C] (QNP) -- C:\ProgramData\ieswqMPFEaliD.exe
[2011/04/29 03:24:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/04/29 03:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2011/04/29 03:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/04/28 16:43:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SmartDraw
[2011/04/28 16:43:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw VP
[2011/04/28 16:42:15 | 000,000,000 | -H-D | C] -- C:\SmartDraw VP
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2011/04/28 13:21:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2009/12/02 23:26:48 | 000,266,240 | -H-- | C] (Silicon Integrated Systems Corporation) -- C:\Users\Owner\AppData\Local\udasiqaquz.dll
[2009/12/02 23:26:48 | 000,114,688 | -H-- | C] (CyberLink Corp.) -- C:\Users\Owner\AppData\Local\vd181010.dll

========== Files - Modified Within 30 Days ==========

[2011/05/24 21:57:40 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/24 21:57:40 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/24 21:57:40 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/24 21:52:59 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/24 21:52:59 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/24 21:52:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/24 21:52:44 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 12:04:07 | 000,000,000 | -H-- | M] () -- C:\Users\Owner\AppData\Local\Fgocopevoganid.bin
[2011/05/19 14:04:10 | 000,000,120 | -H-- | M] () -- C:\Users\Owner\AppData\Local\Nnawavarow.dat
[2011/05/19 11:53:33 | 000,000,136 | ---- | M] () -- C:\ProgramData\~45276920r
[2011/05/19 11:53:33 | 000,000,112 | ---- | M] () -- C:\ProgramData\~45276920
[2011/05/19 11:53:30 | 000,000,595 | -H-- | M] () -- C:\Users\Owner\Desktop\Windows Vista Recovery.lnk
[2011/05/19 11:53:27 | 000,000,344 | -H-- | M] () -- C:\ProgramData\45276920
[2011/05/19 11:53:24 | 000,376,320 | -H-- | M] () -- C:\ProgramData\45276920.exe
[2011/05/19 11:44:06 | 000,431,104 | -H-- | M] (QNP) -- C:\ProgramData\ieswqMPFEaliD.exe
[2011/05/10 14:13:39 | 000,054,784 | -H-- | M] () -- C:\Users\Owner\Documents\Final cheat sheet.wps
[2011/05/10 14:13:39 | 000,003,304 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2011/05/03 14:56:29 | 000,044,544 | -H-- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 14:56:23 | 000,000,370 | -H-- | M] () -- C:\Users\Owner\Documents\Pictures - Shortcut.lnk
[2011/05/01 15:27:39 | 000,246,784 | -H-- | M] () -- C:\Users\Owner\Documents\Night Owl Flier.wps
[2011/04/29 03:24:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/04/29 03:24:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/28 19:13:46 | 000,016,224 | -H-- | M] () -- C:\Users\Owner\Documents\flier pic2.jpg
[2011/04/28 19:11:39 | 000,018,831 | -H-- | M] () -- C:\Users\Owner\Documents\flier pic.jpg
[2011/04/28 17:36:48 | 000,029,104 | -H-- | M] () -- C:\Users\Owner\Documents\photo 2.jpg
[2011/04/28 17:33:10 | 000,033,143 | -H-- | M] () -- C:\Users\Owner\Documents\photo 1.jpg
[2011/04/28 16:43:44 | 000,000,559 | -H-- | M] () -- C:\Users\Owner\Desktop\SmartDraw VP.lnk
[2011/04/28 16:14:00 | 000,347,101 | -H-- | M] () -- C:\Users\Owner\Desktop\nightowl wallpaper.jpg
[2011/04/28 13:51:35 | 000,316,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/27 16:26:14 | 000,036,884 | -H-- | M] () -- C:\Users\Owner\Desktop\nightowlcrop.jpg
[2011/04/26 21:57:43 | 000,091,118 | -H-- | M] () -- C:\Users\Owner\Desktop\nightowl4crop.jpg

========== Files Created - No Company Name ==========

[2011/05/19 11:53:33 | 000,000,136 | ---- | C] () -- C:\ProgramData\~45276920r
[2011/05/19 11:53:32 | 000,000,112 | ---- | C] () -- C:\ProgramData\~45276920
[2011/05/19 11:53:30 | 000,000,595 | -H-- | C] () -- C:\Users\Owner\Desktop\Windows Vista Recovery.lnk
[2011/05/19 11:53:25 | 000,000,344 | -H-- | C] () -- C:\ProgramData\45276920
[2011/05/19 11:53:24 | 000,376,320 | -H-- | C] () -- C:\ProgramData\45276920.exe
[2011/05/19 11:46:37 | 000,000,120 | -H-- | C] () -- C:\Users\Owner\AppData\Local\Nnawavarow.dat
[2011/05/19 11:46:37 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\AppData\Local\Fgocopevoganid.bin
[2011/05/10 09:21:20 | 000,054,784 | -H-- | C] () -- C:\Users\Owner\Documents\Final cheat sheet.wps
[2011/05/03 14:56:23 | 000,000,370 | -H-- | C] () -- C:\Users\Owner\Documents\Pictures - Shortcut.lnk
[2011/04/29 03:24:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/04/29 03:24:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/28 19:13:46 | 000,016,224 | -H-- | C] () -- C:\Users\Owner\Documents\flier pic2.jpg
[2011/04/28 19:11:39 | 000,018,831 | -H-- | C] () -- C:\Users\Owner\Documents\flier pic.jpg
[2011/04/28 17:36:48 | 000,029,104 | -H-- | C] () -- C:\Users\Owner\Documents\photo 2.jpg
[2011/04/28 17:33:10 | 000,033,143 | -H-- | C] () -- C:\Users\Owner\Documents\photo 1.jpg
[2011/04/28 16:43:44 | 000,000,559 | -H-- | C] () -- C:\Users\Owner\Desktop\SmartDraw VP.lnk
[2011/04/28 16:14:00 | 000,347,101 | -H-- | C] () -- C:\Users\Owner\Desktop\nightowl wallpaper.jpg
[2011/04/27 17:01:17 | 000,246,784 | -H-- | C] () -- C:\Users\Owner\Documents\Night Owl Flier.wps
[2011/04/26 21:57:42 | 000,091,118 | -H-- | C] () -- C:\Users\Owner\Desktop\nightowl4crop.jpg
[2011/04/26 21:52:46 | 000,036,884 | -H-- | C] () -- C:\Users\Owner\Desktop\nightowlcrop.jpg
[2010/10/05 11:53:11 | 000,001,940 | -H-- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/23 09:15:00 | 000,000,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d8caps.dat
[2009/12/02 23:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 23:26:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/02 23:25:29 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/12 08:39:36 | 000,044,544 | -H-- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 00:46:18 | 000,000,133 | -H-- | C] () -- C:\Windows\SysWow64\VersionInfo.dat
[2009/06/07 18:00:30 | 000,043,335 | ---- | C] () -- C:\Windows\SysWow64\streamset.dat
[2009/04/30 17:05:03 | 000,003,304 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/04/13 01:23:51 | 000,006,080 | -H-- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/10/18 12:50:18 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/10/18 12:46:31 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe
[2008/08/14 00:17:20 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 16:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 05:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 02:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 02:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 02:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/01 23:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/11/11 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Babylon
[2011/05/19 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView
[2009/10/11 15:10:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ludia
[2011/05/19 13:04:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SmartDraw
[2010/11/11 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SmartDVDCreator
[2009/04/30 17:05:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2011/05/19 13:04:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2009/04/13 01:29:25 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2011/05/24 21:52:55 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/15 03:24:14 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{10AA868C-9783-47CA-9F88-5FD68B557A62}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/28 20:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/28 20:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/28 20:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 17:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/10 21:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/10 21:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 16:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/28 20:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 19:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 16:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 16:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 16:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 16:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 16:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 16:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 16:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 16:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 16:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 16:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 16:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/10/29 16:30:09 | 000,553,720 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/10/29 16:30:09 | 000,553,720 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/10/29 16:30:09 | 000,553,720 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/02/18 20:26:07 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/02/18 20:26:07 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/02/18 20:26:07 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2008/01/20 16:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2008/01/20 16:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2008/01/20 16:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2009/04/10 20:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2008/01/20 16:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2008/01/20 16:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2008/01/20 16:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2009/04/10 20:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

< End of report >




***********************************************************************

Here is the EXTRAS log:

OTL Extras logfile created on: 5/24/2011 9:58:10 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = F:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 71.79% Memory free
7.98 Gb Paging File | 6.82 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 155.60 Gb Free Space | 54.48% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
Drive F: | 14.92 Gb Total Space | 12.74 Gb Free Space | 85.38% Space Free | Partition Type: FAT32
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BD 77 D3 99 FF 05 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A408678-9A27-4768-BE80-365EF874F90E}" = rport=445 | protocol=6 | dir=out | app=system |
"{0C8053DE-0E1D-4EC9-BA19-54B3D711730B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E453C5F-F503-4BFA-9AAE-4D2A6898E26F}" = rport=138 | protocol=17 | dir=out | app=system |
"{131EB99E-630B-42BC-806D-5EAD68A1D24B}" = lport=139 | protocol=6 | dir=in | app=system |
"{182C002B-AF89-4B67-86A0-7F4FAAF1958A}" = lport=138 | protocol=17 | dir=in | app=system |
"{6468D245-0FBC-4F43-9D7D-3F27F6E68D2D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9F71949B-E0D7-4089-88D3-04C6191698E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A77140C5-471B-4C6F-84FC-D07D9909AC34}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF825FB3-650C-41E7-BC89-3CF62CA2480F}" = lport=137 | protocol=17 | dir=in | app=system |
"{FFDB2BD0-D673-4E78-8723-F6C531E39367}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03590473-CF9C-41FF-8EBC-39ECEF88B9FE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{174E26F3-6D39-4992-810C-7D6DF80A7668}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{1B3396CC-4B13-4328-863B-D4950B3ECE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1BAF0EE4-5289-46E7-AAC5-F9F2B8D56A0F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1C1BB300-73FE-40B7-A3A2-6FD2B5585815}" = protocol=1 | dir=out | [email protected],-28544 |
"{224ED05C-0482-421E-A1B5-8426B3021F81}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{2440CD8B-4FC6-45CA-9A4C-D8E0D30CD7CD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{2B59B420-DA6D-4288-954A-0A35378B669C}" = protocol=1 | dir=in | [email protected],-28543 |
"{2CE5C2ED-4ACE-4916-9261-523CDC884A51}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{315668FE-7403-4949-AAD6-9BF83799AC46}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{39A4BC73-BECE-415B-9256-9337F5846246}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{405214CF-E5EA-4DDE-8E11-3313228DE451}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{4B4DF052-55DD-4651-B531-D1F2D62D8544}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{659E4B0C-F8ED-4950-82E5-C957045D85B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{7286AE5E-C63B-41AC-9B78-74CFCA0EC4C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{75933859-50EC-4FE1-8D14-B3A715068528}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{77EEC583-25DA-4305-B6D5-0253E68D5AA8}" = protocol=58 | dir=out | [email protected],-28546 |
"{8E127BD4-330C-41AA-9D59-12984B16E65D}" = protocol=58 | dir=in | [email protected],-28545 |
"{8EEEB75F-5556-4A66-89C7-BCE585415388}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{96B534BD-D896-482E-B254-8828B3F0928E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{BCF50383-376B-4C0C-8B14-1F1392AADC4A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{F77A105A-21B5-446D-A550-89585A6BFF79}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"TCP Query User{5B0A5E0D-C0A7-4AB5-A1FF-CFE1C677F5E2}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"TCP Query User{C078D660-904B-4FFA-9A7D-DA67E41976BF}C:\users\owner\appdata\local\temp\b.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\b.exe |
"UDP Query User{8DF97FB5-DDDB-46BC-843A-0B6ABDAF9715}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{E7C4CD8D-F46A-45AB-9E64-CADEAAB327A5}C:\users\owner\appdata\local\temp\b.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\b.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Babylon" = Babylon
"BabylonToolbar" = Babylon toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IrfanView" = IrfanView (remove only)
"Million-Volt Xmas" = Million-Volt Xmas
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"NAV" = Norton AntiVirus
"Smart DVD Creator_is1" = Smart DVD Creator
"TorrentMan Toolbar" = TorrentMan Toolbar
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2011 5:55:54 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application wkswp.exe, version 9.7.613.0, time stamp 0x466fad27,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x11c0, application start time 0x01cc0f418ee8af6d.

Error - 5/10/2011 5:57:48 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application WksWP.exe, version 9.7.613.0, time stamp 0x466fad27,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x584, application start time 0x01cc0f5d12e88a4d.

Error - 5/10/2011 11:40:42 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/11/2011 12:49:49 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/12/2011 7:46:37 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/13/2011 4:07:57 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/18/2011 4:20:23 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/18/2011 7:26:43 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2011 5:57:30 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2011 6:12:00 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 6/11/2009 1:28:18 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/18/2009 12:08:56 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/18/2009 12:09:17 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/18/2009 10:56:28 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/18/2009 10:56:30 AM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 002100BC1E5C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/18/2009 10:56:39 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/18/2009 4:04:21 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 002100BC1E5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/18/2009 4:09:19 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/18/2009 4:09:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/18/2009 8:18:37 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/18/2009 8:18:48 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >





*******************************************************************************

Here is the malwarebytes log with a quick scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6670

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

5/24/2011 10:27:11 PM
mbam-log-2011-05-24 (22-27-11).txt

Scan type: Quick scan
Objects scanned: 162902
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{9233C3C0-1472-4091-A505-5580A23BB4AC} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PopRock (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ieswqMPFEaliD (Rogue.Installer.Gen) -> Value: ieswqMPFEaliD -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Erogokowucaf (Trojan.Hiloti) -> Value: Erogokowucaf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lmodacosuw (Trojan.Agent.U) -> Value: Lmodacosuw -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\ieswqmpfealid.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\vd181010.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\programdata\45276920.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\0.17040095349227946.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\0.794452036561596.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\1F59.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\setup2931863040.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\setup4214758592.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\tmp7F33.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\update.exe (Trojan.Sasfis) -> Quarantined and deleted successfully.
c:\Windows\Temp\Ado504C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\set41C9.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Owner\local settings\vd181010.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Owner\local settings\application data\vd181010.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\Adobe\plugs\mmc251.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\udasiqaquz.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Uninstall
Java™ 6 Update 7
Ask Toolbar
Conduit Engine
TorrentMan Toolbar
µTorrent
Microsoft Live Search Toolbar

Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
PRC - [2008/01/20 16:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2006/11/01 23:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\attrib.exe
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: {BCF767FF-5800-4997-93F9-64A503F57ADB}:1.9.1
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="
[2011/05/19 13:04:04 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\extensions\[email protected]
[2011/05/19 11:38:30 | 000,002,569 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\searchplugins\askcom.xml
[2011/05/19 11:46:36 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\OWNER\APPDATA\LOCAL\{BCF767FF-5800-4997-93F9-64A503F57ADB}
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files (x86)\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKCU..\Run: [EPSON Stylus CX4800 Series] File not found
O4 - HKCU..\Run: [Erogokowucaf] C:\Users\Owner\AppData\Local\vd181010.dll (CyberLink Corp.)
O4 - HKCU..\Run: [ieswqMPFEaliD] C:\ProgramData\ieswqMPFEaliD.exe (QNP)
O4 - HKCU..\Run: [Lmodacosuw] C:\Users\Owner\AppData\Local\udasiqaquz.dll (Silicon Integrated Systems Corporation)
O33 - MountPoints2\{eaff844e-86a3-11e0-8d1c-00238b859685}\Shell - "" = AutoRun
O33 - MountPoints2\{eaff844e-86a3-11e0-8d1c-00238b859685}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/22 21:45:39 | 001,336,632 | R--- | M] ()
[2011/05/19 11:53:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011/05/19 11:46:36 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Local\{BCF767FF-5800-4997-93F9-64A503F57ADB}
[2011/05/24 12:04:07 | 000,000,000 | -H-- | M] () -- C:\Users\Owner\AppData\Local\Fgocopevoganid.bin
[2011/05/19 14:04:10 | 000,000,120 | -H-- | M] () -- C:\Users\Owner\AppData\Local\Nnawavarow.dat
[2011/05/19 11:53:33 | 000,000,136 | ---- | M] () -- C:\ProgramData\~45276920r
[2011/05/19 11:53:33 | 000,000,112 | ---- | M] () -- C:\ProgramData\~45276920
[2011/05/19 11:53:30 | 000,000,595 | -H-- | M] () -- C:\Users\Owner\Desktop\Windows Vista Recovery.lnk
[2011/05/19 11:53:27 | 000,000,344 | -H-- | M] () -- C:\ProgramData\45276920
[2011/05/19 11:53:24 | 000,376,320 | -H-- | M] () -- C:\ProgramData\45276920.exe
[2011/05/19 11:44:06 | 000,431,104 | -H-- | M] (QNP) -- C:\ProgramData\ieswqMPFEaliD.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[purity]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Download, Save and Right click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe


Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image


Ron
  • 0

#3
opihi

opihi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Ron,

I really appreciate your help. I have followed all of your steps successfully, however the last step running aswMBR.exe, when I click 'scan' I get a blue screen, saying the computer has been shutdown to prevent any damage. I did try it again and I had the same blue screen. So anyways, here are the following logs.


OTL LOG:



OTL logfile created on: 5/25/2011 5:45:05 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.46% Memory free
7.98 Gb Paging File | 6.32 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 155.17 Gb Free Space | 54.33% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 21:49:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
PRC - [2011/02/18 20:26:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/08/10 17:40:30 | 003,824,056 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
PRC - [2009/04/22 20:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 19:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 19:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/09/26 00:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 16:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 16:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/23 09:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 21:49:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
MOD - [2010/08/31 05:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/09/11 01:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 05:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 14:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 16:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 10:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/22 19:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 19:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/29 18:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/23 09:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2006/12/15 04:01:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 14:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/03/06 06:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/03 22:19:04 | 001,522,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/19 15:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/11 01:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/04 07:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/07/14 22:20:42 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/19 15:37:42 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 10:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 10:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 13:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 16:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 16:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 14:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 15:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 11:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/09/26 00:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...m/home?AF=15627
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=15627"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/18 13:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/18 20:26:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 16:30:10 | 000,000,000 | ---D | M]

[2009/04/25 11:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/05/25 17:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\extensions
[2011/05/25 17:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\extensions\[email protected]
[2011/05/19 13:04:03 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\extensions\[email protected]
[2011/05/25 17:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/11 19:14:03 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2006/09/18 11:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{eaff844e-86a3-11e0-8d1c-00238b859685}\Shell - "" = AutoRun
O33 - MountPoints2\{eaff844e-86a3-11e0-8d1c-00238b859685}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 17:28:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/25 17:27:03 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/05/25 17:26:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\U3
[2011/05/24 22:21:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/05/24 22:21:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/24 22:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/24 22:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/24 22:21:24 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/24 22:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/29 15:37:39 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/29 15:37:39 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/29 03:24:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/04/29 03:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2011/04/29 03:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/04/29 03:07:38 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2011/04/29 03:07:37 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2011/04/29 03:07:35 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2011/04/29 03:07:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2011/04/29 03:07:35 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2011/04/29 03:07:34 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2011/04/29 03:07:34 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2011/04/29 03:07:34 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2011/04/29 03:07:34 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2011/04/29 03:07:34 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2011/04/29 03:07:34 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2011/04/29 03:07:34 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2011/04/29 03:07:34 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2011/04/29 03:06:49 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2011/04/29 03:06:48 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2011/04/29 03:06:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2011/04/29 03:06:43 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2011/04/29 03:06:43 | 002,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2011/04/29 03:06:43 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2011/04/29 03:06:43 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2011/04/29 03:06:43 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2011/04/29 03:06:43 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2011/04/29 03:06:43 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2011/04/29 03:06:43 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2011/04/29 03:06:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2011/04/29 03:06:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2011/04/29 03:06:42 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2011/04/29 03:06:42 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2011/04/29 03:06:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2011/04/29 03:06:42 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2011/04/29 03:06:42 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2011/04/29 03:06:42 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2011/04/29 03:06:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2011/04/29 03:06:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2011/04/29 03:06:42 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2011/04/29 03:06:42 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2011/04/29 03:05:15 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/04/29 03:05:15 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/04/29 03:05:15 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/04/29 03:05:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/04/29 03:05:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/04/29 03:00:50 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2011/04/29 03:00:50 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2011/04/29 03:00:49 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2011/04/29 03:00:49 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2011/04/29 03:00:48 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2011/04/29 03:00:48 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2011/04/28 16:43:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SmartDraw
[2011/04/28 16:43:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw VP
[2011/04/28 16:42:15 | 000,000,000 | ---D | C] -- C:\SmartDraw VP
[2011/04/28 14:18:57 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/28 14:18:57 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/28 14:18:55 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/04/28 14:18:54 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/04/28 14:18:42 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2011/04/28 14:18:41 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2011/04/28 14:18:31 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/04/28 14:18:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/04/28 14:18:30 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2011/04/28 14:18:30 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/04/28 14:18:29 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2011/04/28 14:18:29 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/04/28 14:18:29 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2011/04/28 14:18:28 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/04/28 14:18:28 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2011/04/28 14:18:28 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2011/04/28 14:18:28 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2011/04/28 14:18:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/04/28 14:18:27 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2011/04/28 14:18:27 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2011/04/28 14:18:27 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/04/28 14:18:26 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2011/04/28 14:18:26 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2011/04/28 14:18:26 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/04/28 14:18:25 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2011/04/28 14:18:25 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2011/04/28 14:18:25 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/04/28 14:18:25 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2011/04/28 14:18:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/04/28 14:18:25 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/04/28 14:18:24 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2011/04/28 14:18:24 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2011/04/28 14:18:24 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2011/04/28 14:18:24 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2011/04/28 14:18:24 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/04/28 14:18:24 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2011/04/28 14:18:24 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/04/28 14:18:23 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/04/28 14:18:23 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2011/04/28 14:18:23 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2011/04/28 14:18:22 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/04/28 14:18:22 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2011/04/28 14:18:21 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2011/04/28 14:18:21 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2011/04/28 14:18:21 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2011/04/28 14:18:20 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/04/28 14:18:20 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2011/04/28 14:18:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2011/04/28 14:18:18 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2011/04/28 13:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2011/04/28 13:21:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/04/26 19:36:24 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/26 19:36:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011/04/26 19:36:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/04/26 19:36:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll

========== Files - Modified Within 30 Days ==========

[2011/05/25 17:32:17 | 000,606,104 | ---- | M] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/05/25 17:29:17 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 17:29:17 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 17:29:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/25 17:29:01 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 22:21:28 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 21:57:40 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/24 21:57:40 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/24 21:57:40 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/24 21:49:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/05/10 14:13:39 | 000,054,784 | ---- | M] () -- C:\Users\Owner\Documents\Final cheat sheet.wps
[2011/05/10 14:13:39 | 000,003,304 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2011/05/03 14:56:29 | 000,044,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 14:56:23 | 000,000,370 | ---- | M] () -- C:\Users\Owner\Documents\Pictures - Shortcut.lnk
[2011/05/01 15:27:39 | 000,246,784 | ---- | M] () -- C:\Users\Owner\Documents\Night Owl Flier.wps
[2011/04/29 03:24:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/04/29 03:24:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/28 19:13:46 | 000,016,224 | ---- | M] () -- C:\Users\Owner\Documents\flier pic2.jpg
[2011/04/28 19:11:39 | 000,018,831 | ---- | M] () -- C:\Users\Owner\Documents\flier pic.jpg
[2011/04/28 17:36:48 | 000,029,104 | ---- | M] () -- C:\Users\Owner\Documents\photo 2.jpg
[2011/04/28 17:33:10 | 000,033,143 | ---- | M] () -- C:\Users\Owner\Documents\photo 1.jpg
[2011/04/28 16:43:44 | 000,000,559 | ---- | M] () -- C:\Users\Owner\Desktop\SmartDraw VP.lnk
[2011/04/28 16:14:00 | 000,347,101 | ---- | M] () -- C:\Users\Owner\Desktop\nightowl wallpaper.jpg
[2011/04/28 13:56:43 | 000,000,973 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/28 13:51:35 | 000,316,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/27 16:26:14 | 000,036,884 | ---- | M] () -- C:\Users\Owner\Desktop\nightowlcrop.jpg
[2011/04/26 21:57:43 | 000,091,118 | ---- | M] () -- C:\Users\Owner\Desktop\nightowl4crop.jpg

========== Files Created - No Company Name ==========

[2011/05/25 17:32:15 | 000,606,104 | ---- | C] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/05/25 17:28:08 | 000,001,802 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/25 17:28:08 | 000,000,968 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/25 17:28:08 | 000,000,806 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/05/25 17:28:08 | 000,000,258 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/25 17:28:08 | 000,000,240 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/25 17:28:07 | 000,001,004 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2011/05/25 17:28:07 | 000,000,973 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/24 22:36:53 | 4193,472,512 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/24 22:21:28 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 09:21:20 | 000,054,784 | ---- | C] () -- C:\Users\Owner\Documents\Final cheat sheet.wps
[2011/05/03 14:56:23 | 000,000,370 | ---- | C] () -- C:\Users\Owner\Documents\Pictures - Shortcut.lnk
[2011/04/29 03:24:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/04/29 03:24:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/28 19:13:46 | 000,016,224 | ---- | C] () -- C:\Users\Owner\Documents\flier pic2.jpg
[2011/04/28 19:11:39 | 000,018,831 | ---- | C] () -- C:\Users\Owner\Documents\flier pic.jpg
[2011/04/28 17:36:48 | 000,029,104 | ---- | C] () -- C:\Users\Owner\Documents\photo 2.jpg
[2011/04/28 17:33:10 | 000,033,143 | ---- | C] () -- C:\Users\Owner\Documents\photo 1.jpg
[2011/04/28 16:43:44 | 000,000,559 | ---- | C] () -- C:\Users\Owner\Desktop\SmartDraw VP.lnk
[2011/04/28 16:14:00 | 000,347,101 | ---- | C] () -- C:\Users\Owner\Desktop\nightowl wallpaper.jpg
[2011/04/27 17:01:17 | 000,246,784 | ---- | C] () -- C:\Users\Owner\Documents\Night Owl Flier.wps
[2011/04/26 21:57:42 | 000,091,118 | ---- | C] () -- C:\Users\Owner\Desktop\nightowl4crop.jpg
[2011/04/26 21:52:46 | 000,036,884 | ---- | C] () -- C:\Users\Owner\Desktop\nightowlcrop.jpg
[2010/10/05 11:53:11 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/23 09:15:00 | 000,000,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d8caps.dat
[2009/12/02 23:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 23:26:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/02 23:25:29 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/12 08:39:36 | 000,044,544 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 00:46:18 | 000,000,133 | ---- | C] () -- C:\Windows\SysWow64\VersionInfo.dat
[2009/06/07 18:00:30 | 000,043,335 | ---- | C] () -- C:\Windows\SysWow64\streamset.dat
[2009/04/30 17:05:03 | 000,003,304 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/04/13 01:23:51 | 000,006,080 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/10/18 12:50:18 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/10/18 12:46:31 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe
[2008/08/14 00:17:20 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 16:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 05:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 02:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 02:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 02:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/01 23:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >



EXTRAS LOG:

OTL Extras logfile created on: 5/25/2011 5:45:05 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.46% Memory free
7.98 Gb Paging File | 6.32 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 155.17 Gb Free Space | 54.33% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BD 77 D3 99 FF 05 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A408678-9A27-4768-BE80-365EF874F90E}" = rport=445 | protocol=6 | dir=out | app=system |
"{0C8053DE-0E1D-4EC9-BA19-54B3D711730B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E453C5F-F503-4BFA-9AAE-4D2A6898E26F}" = rport=138 | protocol=17 | dir=out | app=system |
"{131EB99E-630B-42BC-806D-5EAD68A1D24B}" = lport=139 | protocol=6 | dir=in | app=system |
"{182C002B-AF89-4B67-86A0-7F4FAAF1958A}" = lport=138 | protocol=17 | dir=in | app=system |
"{6468D245-0FBC-4F43-9D7D-3F27F6E68D2D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9F71949B-E0D7-4089-88D3-04C6191698E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A77140C5-471B-4C6F-84FC-D07D9909AC34}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF825FB3-650C-41E7-BC89-3CF62CA2480F}" = lport=137 | protocol=17 | dir=in | app=system |
"{FFDB2BD0-D673-4E78-8723-F6C531E39367}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03590473-CF9C-41FF-8EBC-39ECEF88B9FE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{174E26F3-6D39-4992-810C-7D6DF80A7668}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{1B3396CC-4B13-4328-863B-D4950B3ECE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1BAF0EE4-5289-46E7-AAC5-F9F2B8D56A0F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1C1BB300-73FE-40B7-A3A2-6FD2B5585815}" = protocol=1 | dir=out | [email protected],-28544 |
"{224ED05C-0482-421E-A1B5-8426B3021F81}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{2440CD8B-4FC6-45CA-9A4C-D8E0D30CD7CD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{2B59B420-DA6D-4288-954A-0A35378B669C}" = protocol=1 | dir=in | [email protected],-28543 |
"{2CE5C2ED-4ACE-4916-9261-523CDC884A51}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{39A4BC73-BECE-415B-9256-9337F5846246}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{405214CF-E5EA-4DDE-8E11-3313228DE451}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{659E4B0C-F8ED-4950-82E5-C957045D85B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{7286AE5E-C63B-41AC-9B78-74CFCA0EC4C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{75933859-50EC-4FE1-8D14-B3A715068528}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{77EEC583-25DA-4305-B6D5-0253E68D5AA8}" = protocol=58 | dir=out | [email protected],-28546 |
"{8E127BD4-330C-41AA-9D59-12984B16E65D}" = protocol=58 | dir=in | [email protected],-28545 |
"{8EEEB75F-5556-4A66-89C7-BCE585415388}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{96B534BD-D896-482E-B254-8828B3F0928E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{BCF50383-376B-4C0C-8B14-1F1392AADC4A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{F77A105A-21B5-446D-A550-89585A6BFF79}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"TCP Query User{5B0A5E0D-C0A7-4AB5-A1FF-CFE1C677F5E2}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"TCP Query User{C078D660-904B-4FFA-9A7D-DA67E41976BF}C:\users\owner\appdata\local\temp\b.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\b.exe |
"UDP Query User{8DF97FB5-DDDB-46BC-843A-0B6ABDAF9715}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{E7C4CD8D-F46A-45AB-9E64-CADEAAB327A5}C:\users\owner\appdata\local\temp\b.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\b.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Babylon" = Babylon
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Million-Volt Xmas" = Million-Volt Xmas
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"Smart DVD Creator_is1" = Smart DVD Creator
"VLC media player" = VLC media player 1.1.2
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2011 7:26:43 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2011 5:57:30 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2011 6:12:00 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2011 6:42:00 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2011 7:09:17 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2011 7:12:49 PM | Computer Name = Owner-PC | Source = System Restore | ID = 8209
Description =

Error - 5/19/2011 7:41:14 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2011 8:01:55 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3951, time stamp 0x4cc7a96f,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00200073, process id 0xff4, application start time 0x01cc16808acc4f8d.

Error - 5/19/2011 8:04:30 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/24/2011 6:04:41 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 6/11/2009 1:28:18 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/18/2009 12:08:56 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/18/2009 12:09:17 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/18/2009 10:56:28 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/18/2009 10:56:30 AM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 002100BC1E5C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/18/2009 10:56:39 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/18/2009 4:04:21 PM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 002100BC1E5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/18/2009 4:09:19 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/18/2009 4:09:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/18/2009 8:18:37 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/18/2009 8:18:48 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >



COMBOFIX LOG ::::


ComboFix 11-05-25.01 - Owner 05/25/2011 18:21:44.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2536 [GMT -10:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
c:\programdata\SymUpdate.exe
c:\users\Owner\AppData\Roaming\Adobe\plugs
c:\users\Owner\AppData\Roaming\Adobe\plugs\mmc123515336.txt
c:\users\Owner\AppData\Roaming\Adobe\shed
c:\users\Owner\AppData\Roaming\Adobe\shed\thr1.chm
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-26 04:27 . 2011-05-26 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-26 04:19 . 2011-05-26 04:19 -------- d-----w- C:\32788R22FWJFW
2011-05-26 04:07 . 2010-12-21 04:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-26 03:28 . 2011-05-26 03:28 -------- d-----w- C:\_OTL
2011-05-26 03:26 . 2011-05-26 03:26 -------- d-----w- c:\users\Owner\AppData\Roaming\U3
2011-05-25 08:21 . 2011-05-25 08:21 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-05-25 08:21 . 2011-05-25 08:21 -------- d-----w- c:\programdata\Malwarebytes
2011-05-25 08:21 . 2010-12-21 04:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 08:21 . 2011-05-26 04:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-11 03:49 . 2011-04-07 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 03:49 . 2011-04-07 12:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-04-30 01:37 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-30 01:37 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-29 13:24 . 2011-04-29 13:24 -------- d-----w- c:\windows\SysWow64\spool
2011-04-29 13:24 . 2011-04-29 13:24 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2011-04-29 13:24 . 2011-04-29 13:24 -------- d-----w- c:\program files\Windows Portable Devices
2011-04-29 13:06 . 2009-10-01 00:52 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2011-04-29 13:05 . 2009-10-08 21:08 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-04-29 13:05 . 2009-10-08 21:08 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-04-29 13:05 . 2009-10-08 21:08 234496 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-04-29 13:05 . 2009-10-08 21:07 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-04-29 13:05 . 2009-10-08 21:07 315904 ----a-w- c:\windows\system32\oleacc.dll
2011-04-29 13:05 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-04-29 13:00 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2011-04-29 13:00 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2011-04-29 13:00 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-04-29 13:00 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-04-29 13:00 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-04-29 13:00 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-04-29 02:43 . 2011-05-19 23:04 -------- d-----w- c:\users\Owner\AppData\Roaming\SmartDraw
2011-04-29 02:42 . 2011-05-19 23:03 -------- d-----w- C:\SmartDraw VP
2011-04-28 23:46 . 2011-04-28 23:47 -------- d-----w- c:\windows\SysWow64\ca-ES
2011-04-28 23:46 . 2011-04-28 23:47 -------- d-----w- c:\windows\SysWow64\eu-ES
2011-04-28 23:46 . 2011-04-28 23:47 -------- d-----w- c:\windows\SysWow64\vi-VN
2011-04-28 23:46 . 2011-04-28 23:47 -------- d-----w- c:\windows\system32\ca-ES
2011-04-28 23:46 . 2011-04-28 23:47 -------- d-----w- c:\windows\system32\eu-ES
2011-04-28 23:46 . 2011-04-28 23:47 -------- d-----w- c:\windows\system32\vi-VN
2011-04-28 23:21 . 2011-04-28 23:21 -------- d-----w- c:\windows\system32\EventProviders
2011-04-27 05:36 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46204DEF-FA25-43B2-86D2-2B09591D065B}\mpengine.dll
2011-04-27 05:36 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 05:36 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 05:36 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 05:36 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 17:18 . 2011-04-14 23:30 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:18 . 2011-04-14 23:30 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 17:03 . 2011-04-14 23:30 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 23:30 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-03 16:02 . 2011-04-14 23:57 975872 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:59 . 2011-04-27 05:36 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59 . 2011-04-27 05:36 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59 . 2011-04-27 05:36 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42 . 2011-04-14 23:57 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 05:36 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 05:36 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 05:36 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 05:36 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:46 . 2011-04-14 23:54 2762240 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 16:12 . 2011-04-14 23:53 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-26 189736]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-26 1152296]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2010-08-11 3824056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 15:03 75008 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-19 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-09-23 365904]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-04-23 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-04-23 116104]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-20 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-18 18:34]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{10AA868C-9783-47CA-9F88-5FD68B557A62}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=15627
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\k9g1w1i6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-UCam_Menu - c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre1.6.0_07\bin\jusched.exe
MSConfigStartUp-UpdateLBPShortCut - c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdateP2GoShortCut - c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePDIRShortCut - c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePSTShortCut - c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-25 18:30:10
ComboFix-quarantined-files.txt 2011-05-26 04:30
.
Pre-Run: 166,135,947,264 bytes free
Post-Run: 167,000,236,032 bytes free
.
- - End Of File - - EB2E53F719EE73B0A48D6FCEF8DEA279


MALWARE BYTES LOG:::

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6682

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/25/2011 6:14:06 PM
mbam-log-2011-05-25 (18-14-06).txt

Scan type: Quick scan
Objects scanned: 164164
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



TDSS KILLER LOG::::
2011/05/25 18:33:35.0375 3160 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 18:33:35.0847 3160 ================================================================================
2011/05/25 18:33:35.0847 3160 SystemInfo:
2011/05/25 18:33:35.0847 3160
2011/05/25 18:33:35.0848 3160 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/25 18:33:35.0848 3160 Product type: Workstation
2011/05/25 18:33:35.0848 3160 ComputerName: OWNER-PC
2011/05/25 18:33:35.0848 3160 UserName: Owner
2011/05/25 18:33:35.0848 3160 Windows directory: C:\Windows
2011/05/25 18:33:35.0848 3160 System windows directory: C:\Windows
2011/05/25 18:33:35.0848 3160 Running under WOW64
2011/05/25 18:33:35.0848 3160 Processor architecture: Intel x64
2011/05/25 18:33:35.0848 3160 Number of processors: 2
2011/05/25 18:33:35.0848 3160 Page size: 0x1000
2011/05/25 18:33:35.0848 3160 Boot type: Normal boot
2011/05/25 18:33:35.0848 3160 ================================================================================
2011/05/25 18:33:37.0192 3160 Initialize success
2011/05/25 18:33:44.0139 0888 ================================================================================
2011/05/25 18:33:44.0139 0888 Scan started
2011/05/25 18:33:44.0139 0888 Mode: Manual;
2011/05/25 18:33:44.0139 0888 ================================================================================
2011/05/25 18:33:45.0498 0888 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/05/25 18:33:45.0799 0888 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/05/25 18:33:45.0922 0888 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/05/25 18:33:46.0008 0888 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/05/25 18:33:46.0116 0888 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/05/25 18:33:46.0260 0888 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/05/25 18:33:46.0494 0888 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/05/25 18:33:46.0643 0888 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/05/25 18:33:46.0757 0888 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/05/25 18:33:46.0811 0888 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/05/25 18:33:46.0920 0888 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
2011/05/25 18:33:46.0951 0888 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
2011/05/25 18:33:46.0991 0888 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/05/25 18:33:47.0109 0888 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/05/25 18:33:47.0155 0888 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/05/25 18:33:47.0289 0888 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/25 18:33:47.0360 0888 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/05/25 18:33:47.0580 0888 BCM43XX (a4815907b039121d8d9221695cdc35f7) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/05/25 18:33:47.0791 0888 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/05/25 18:33:47.0835 0888 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/25 18:33:47.0947 0888 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/25 18:33:47.0982 0888 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/05/25 18:33:48.0112 0888 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/05/25 18:33:48.0165 0888 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/05/25 18:33:48.0189 0888 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/25 18:33:48.0353 0888 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/05/25 18:33:48.0572 0888 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/05/25 18:33:48.0704 0888 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/25 18:33:48.0789 0888 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/25 18:33:48.0889 0888 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/25 18:33:48.0968 0888 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/05/25 18:33:49.0113 0888 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/25 18:33:49.0138 0888 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
2011/05/25 18:33:49.0273 0888 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/25 18:33:49.0322 0888 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/25 18:33:49.0686 0888 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/05/25 18:33:49.0852 0888 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/05/25 18:33:49.0995 0888 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/25 18:33:50.0071 0888 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/25 18:33:50.0198 0888 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/05/25 18:33:50.0298 0888 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/05/25 18:33:50.0495 0888 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/05/25 18:33:50.0696 0888 enecir (f218a3a27ed6592c0e22ec3595554447) C:\Windows\system32\DRIVERS\enecir.sys
2011/05/25 18:33:50.0752 0888 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/05/25 18:33:50.0900 0888 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/05/25 18:33:50.0991 0888 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/05/25 18:33:51.0102 0888 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/25 18:33:51.0159 0888 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/05/25 18:33:51.0186 0888 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/05/25 18:33:51.0234 0888 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/25 18:33:51.0303 0888 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/05/25 18:33:51.0431 0888 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/25 18:33:51.0477 0888 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/25 18:33:51.0659 0888 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/05/25 18:33:51.0768 0888 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/25 18:33:51.0905 0888 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/05/25 18:33:51.0994 0888 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/25 18:33:52.0100 0888 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/25 18:33:52.0155 0888 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/05/25 18:33:52.0193 0888 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/05/25 18:33:52.0282 0888 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/05/25 18:33:52.0369 0888 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/05/25 18:33:52.0494 0888 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/05/25 18:33:52.0584 0888 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/25 18:33:52.0761 0888 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/05/25 18:33:53.0130 0888 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/05/25 18:33:53.0303 0888 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/05/25 18:33:53.0362 0888 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
2011/05/25 18:33:53.0500 0888 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
2011/05/25 18:33:53.0541 0888 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/25 18:33:53.0714 0888 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/25 18:33:53.0834 0888 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/25 18:33:53.0950 0888 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/25 18:33:54.0015 0888 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/05/25 18:33:54.0095 0888 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/05/25 18:33:54.0247 0888 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/25 18:33:54.0281 0888 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/05/25 18:33:54.0384 0888 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/05/25 18:33:54.0411 0888 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/25 18:33:54.0481 0888 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/25 18:33:54.0608 0888 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/25 18:33:54.0649 0888 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/05/25 18:33:54.0832 0888 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/25 18:33:54.0898 0888 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/25 18:33:54.0955 0888 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/25 18:33:55.0129 0888 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/25 18:33:55.0150 0888 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/05/25 18:33:55.0226 0888 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/05/25 18:33:55.0324 0888 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/05/25 18:33:55.0381 0888 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/05/25 18:33:55.0474 0888 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/25 18:33:55.0535 0888 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/25 18:33:55.0628 0888 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/25 18:33:55.0702 0888 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/25 18:33:55.0797 0888 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/05/25 18:33:55.0847 0888 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/25 18:33:55.0937 0888 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/25 18:33:56.0071 0888 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/25 18:33:56.0125 0888 mrxsmb (dc434b4769e18da09ce1b7755d4c64e9) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/25 18:33:56.0208 0888 mrxsmb10 (64713fcfe3de8881d62f8f3f2f794241) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/25 18:33:56.0262 0888 mrxsmb20 (0005c599a2abf767a815afcd32e523e3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/25 18:33:56.0354 0888 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2011/05/25 18:33:56.0433 0888 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/05/25 18:33:56.0497 0888 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/05/25 18:33:56.0598 0888 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/05/25 18:33:56.0670 0888 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/25 18:33:56.0700 0888 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/25 18:33:56.0796 0888 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/05/25 18:33:56.0913 0888 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/05/25 18:33:57.0004 0888 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/25 18:33:57.0066 0888 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/05/25 18:33:57.0181 0888 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/05/25 18:33:57.0273 0888 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/25 18:33:57.0456 0888 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/05/25 18:33:57.0550 0888 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/25 18:33:57.0607 0888 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/25 18:33:57.0669 0888 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/25 18:33:57.0771 0888 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/05/25 18:33:57.0814 0888 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/25 18:33:57.0944 0888 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/25 18:33:58.0135 0888 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
2011/05/25 18:33:58.0262 0888 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/05/25 18:33:58.0325 0888 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/05/25 18:33:58.0485 0888 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/25 18:33:58.0581 0888 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/05/25 18:33:58.0684 0888 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/05/25 18:33:58.0712 0888 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/05/25 18:33:58.0739 0888 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/05/25 18:33:58.0841 0888 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/05/25 18:33:59.0038 0888 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/25 18:33:59.0154 0888 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/05/25 18:33:59.0298 0888 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/05/25 18:33:59.0378 0888 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/05/25 18:33:59.0451 0888 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
2011/05/25 18:33:59.0607 0888 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/05/25 18:33:59.0686 0888 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/05/25 18:33:59.0930 0888 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/25 18:33:59.0995 0888 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/05/25 18:34:00.0120 0888 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/25 18:34:00.0191 0888 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/05/25 18:34:00.0291 0888 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/05/25 18:34:00.0351 0888 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/25 18:34:00.0528 0888 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/25 18:34:00.0691 0888 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/25 18:34:00.0762 0888 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/25 18:34:00.0889 0888 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/25 18:34:00.0982 0888 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/25 18:34:01.0085 0888 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/25 18:34:01.0125 0888 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/05/25 18:34:01.0219 0888 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/25 18:34:01.0292 0888 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/05/25 18:34:01.0543 0888 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/25 18:34:01.0714 0888 RTL8169 (af7074e1d6a8a66204067ee8b2a8327a) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/05/25 18:34:01.0756 0888 RTSTOR (aa3987386cf7d9005c42bc974634bd56) C:\Windows\system32\drivers\RTSTOR64.SYS
2011/05/25 18:34:01.0874 0888 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/25 18:34:01.0973 0888 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/25 18:34:02.0020 0888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/25 18:34:02.0116 0888 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/05/25 18:34:02.0179 0888 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/05/25 18:34:02.0211 0888 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/05/25 18:34:02.0301 0888 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/05/25 18:34:02.0341 0888 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/25 18:34:02.0374 0888 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/25 18:34:02.0481 0888 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/05/25 18:34:02.0538 0888 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/05/25 18:34:02.0597 0888 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/05/25 18:34:02.0728 0888 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/05/25 18:34:02.0846 0888 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/05/25 18:34:02.0935 0888 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/05/25 18:34:02.0983 0888 srv2 (fa36d119249bf27bc4c0079734e1f33b) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/25 18:34:03.0010 0888 srvnet (cfe7bc92d52c7e79427545909a0182f8) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/25 18:34:03.0157 0888 STHDA (e01797a54f8a61512b7e590fde6d1988) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/05/25 18:34:03.0501 0888 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/25 18:34:03.0733 0888 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/05/25 18:34:03.0766 0888 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/05/25 18:34:03.0806 0888 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/05/25 18:34:03.0931 0888 SynTP (c851305e2bcfce8aaa53342f912ddd7f) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/25 18:34:04.0042 0888 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/05/25 18:34:04.0186 0888 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/25 18:34:04.0306 0888 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/25 18:34:04.0341 0888 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/05/25 18:34:04.0408 0888 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/05/25 18:34:04.0520 0888 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/25 18:34:04.0633 0888 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/25 18:34:04.0809 0888 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/25 18:34:04.0899 0888 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/25 18:34:05.0004 0888 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/25 18:34:05.0096 0888 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/05/25 18:34:05.0229 0888 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/25 18:34:05.0296 0888 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/25 18:34:05.0371 0888 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/05/25 18:34:05.0500 0888 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/05/25 18:34:05.0613 0888 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/05/25 18:34:05.0656 0888 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/25 18:34:05.0806 0888 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/25 18:34:05.0855 0888 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/05/25 18:34:06.0021 0888 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/25 18:34:06.0057 0888 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/25 18:34:06.0101 0888 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/05/25 18:34:06.0210 0888 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/25 18:34:06.0287 0888 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/25 18:34:06.0401 0888 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/25 18:34:06.0452 0888 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/25 18:34:06.0584 0888 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/25 18:34:06.0621 0888 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/05/25 18:34:06.0651 0888 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
2011/05/25 18:34:06.0778 0888 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/05/25 18:34:06.0838 0888 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/05/25 18:34:07.0084 0888 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/05/25 18:34:07.0134 0888 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/05/25 18:34:07.0227 0888 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/05/25 18:34:07.0296 0888 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 18:34:07.0315 0888 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 18:34:07.0380 0888 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/05/25 18:34:07.0451 0888 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/25 18:34:07.0745 0888 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/25 18:34:07.0914 0888 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/25 18:34:08.0012 0888 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/25 18:34:08.0157 0888 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/25 18:34:08.0229 0888 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/05/25 18:34:08.0338 0888 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
2011/05/25 18:34:08.0415 0888 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
2011/05/25 18:34:08.0422 0888 ================================================================================
2011/05/25 18:34:08.0422 0888 Scan finished
2011/05/25 18:34:08.0422 0888 ================================================================================
2011/05/25 18:34:08.0439 3284 Detected object count: 0
2011/05/25 18:34:08.0439 3284 Actual detected object count: 0



*******************************

Thanks again for your help Ron. It appears I have all my files back and no longer have a scan in process saying I'm infected. But knowing trojans these days I don't know if it's over yet.

Thank you so much....
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
As trojans go this one is fairly simple to remove. The problem is undoing the damage it causes but in your case we got lucky. It started out just making all of your files hidden which was easy to undo but recently it has been moving all of the Program links to a folder with a temp folder. If this folder gets deleted then it's really hard to get your links back. They have to be created one at a time.

Don't know why aswmbr didn't work for you but perhaps it has something to do with yours being a 64 bit system. TDSS says you are clean so I think we are good to go.

You can remove or uninstall the tools. If you run OTL again and press the Cleanup button it will do it for you.

We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
tho it hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.


You do not have the latest Java (Java™ 6 Update 25). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP