Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Alureon.DX Rootkit + Antivirus problems

Started by Itachirumon , Jul 10 2011 03:46 AM

  • This topic is locked This topic is locked

#1
Itachirumon
Posted 10 July 2011 - 03:46 AM

Itachirumon

    Member

  • Member
  • PipPip
  • 77 posts
Hello everyone, been awhile since I was here last. About a year ago this site helped me clean up the Alureon.A (or .E, I forget which) rootkit after my computer was reimaged (following sending it into HP for a simple hinge-repair issue...dv9208nr model, factory defect). Long story short... about a two weeks or so ago (longer for the other exploits) I began noticing Microsoft Security Essentials was picking up the Alureon.DX rootkit amongst other Java exploits. I removed and reinstalled Java and that fixed the other exploits but Alureon.DX kept coming back. Finally I decided to try and hit it with Webroot antivirus (we've recently bought the 3-computer protection), I planned to uninstall Trend antivirus after getting webroot safely on here. Unfortunately they've both glitched now - I can neither remove Trend (or use it) or finish putting Webroot on the computer. Alureon.DX is still popping up about every 2 days and being hit with MSE. TDSSKiller comes back clean, I've even run it moments after MSE detects a problem. On Monday during a google search for the rootkit I found a website called the Tech Guy Support Forums but after a week (with 3 post bumps at ~36-48 hours each time) there's been no response, so I'm going to give up and focus on advice from here alone (I only used them in the first place because I'd forgotten the name of this website after a year). Please don't close my topic, any help that can be given would be greatly appreciated. I'll post the same information I gave them here, minus the GMER logs and such until they're requested.
-------------------------
Post via 7/4/11 - This Alureon.DX virus has been popping in and out for about a week or so now, Microsoft Security Essentials seems to catch it every single time but it's gotten where it keeps popping up during scans so I felt I should come in. Just in the last 24 hours the computer has really begun bogging down (after I tried updating MSE). I tried hitting it with TDSSKiller and it doesn't seem to see it.

I'm not getting any of the redirects I was getting the last time I was hit with Alureon.X (or was it E) about this time last year so I'm not sure if MSE was successful in getting it off or not. On a related issue - I'm trying to get Trend off my computer and Webroot on, every time I try to install it it appears to fail so I'm not sure if this is the rootkit doing something or just Trend being a bugger. Now I can't access Trend OR uninstall it to put Webroot on there.

Also, I dunno if this is relevant but for about 2-3 weeks, the website Stickam hasn't been letting me "go live" - I'm wondering if maybe the virus is affecting the webcam driver?

----------------------------
Post via 7/8/11 - Providing an information update - I tried again to remove/reinstall Trend (again, preferribly remove because mom's paid for a 3-computer Webroot and it's actually able to find rootkits).. trying to install Trend Titanium... force Trend uninstall program.. both end up glitching as soon as they try to uninstall Trend antivirus 2010 itself. I'm wondering if maybe the virus found a way to corrupt the antivirus software or something. It also occurs to me that Windows Update may not be working anymore since everytime I reboot the computer it says it has to update but it never does. Hopefully we'll be able to get to the bottom of this thing.

---------------------
OTL -

OTL logfile created on: 7/10/2011 2:23:14 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\TEST\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 45.88% Memory free
4.11 Gb Paging File | 2.65 Gb Available in Paging File | 64.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.20 Gb Total Space | 41.38 Gb Free Space | 39.34% Space Free | Partition Type: NTFS
Drive D: | 6.59 Gb Total Space | 0.61 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive E: | 167.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAKE | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 02:22:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
PRC - [2011/01/05 10:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/01/26 17:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/02/21 22:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIEQA.EXE
PRC - [2006/11/24 16:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 16:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006/10/10 17:44:10 | 000,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe


========== Modules (SafeList) ==========

MOD - [2011/07/10 02:22:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/06/28 17:45:37 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/24 16:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 16:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/26 10:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/07/10 02:16:28 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\apuvmbsz.sys -- (apuvmbsz)
DRV - [2011/07/10 02:01:27 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{812F0368-0543-4E4F-88CB-68CC9BBA1C51}\MpKsl9d19e823.sys -- (MpKsl9d19e823)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/18 16:39:06 | 000,003,200 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/18 12:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/15 10:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 05:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 03:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/09/15 01:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/16 22:50:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 22:50:48 | 000,000,000 | ---D | M]

[2010/10/08 16:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\mozilla\Extensions
[2011/06/19 02:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\rpx2zr01.default\extensions
[2010/10/15 03:09:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\rpx2zr01.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/26 00:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/07 02:59:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/26 00:54:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/26 00:53:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/19 08:45:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -H-- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2010/06/23 12:19:29 | 000,000,049 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 02:22:13 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
[2011/07/08 15:57:57 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\tdsskiller
[2011/07/08 15:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/05 20:51:57 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{58620F0F-D8BF-422D-89AC-0F99907EF7FB}
[2011/07/04 00:25:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\TEST\Desktop\HijackThis.exe
[2011/07/03 19:53:24 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Trend Micro
[2011/07/03 19:10:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\lptmp31350
[2011/07/03 18:59:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{94E7A161-5A7B-460F-BD45-76DE70D977A9}
[2011/07/03 18:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/07/03 18:58:27 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\PackageAware
[2011/06/29 20:32:41 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{3A31061A-BDDF-4289-8267-69A33278C7CA}
[2011/06/26 22:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\BrainWave Generator
[2011/06/26 00:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/21 00:04:12 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{4F142BAE-08FF-41D9-989A-6773DE038679}
[2011/06/20 12:03:17 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{4223E5E8-AB54-4073-8B20-C1CA3911F78A}
[2011/06/20 00:02:42 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{BA2E0AFB-6584-4CB3-BEE2-D56160935430}
[2011/06/19 14:26:14 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{1780D503-6F03-4B9C-9BD9-E53297449C66}
[2011/06/19 01:18:21 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{2B462EFD-A6B5-4430-AB95-0182479C7CD3}
[2011/06/18 13:18:03 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{A86B9B44-0231-460C-AE7F-E93C8D17F898}
[2011/06/18 01:17:57 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{081167D4-0030-4FC3-9561-62D67AC75C32}
[2011/06/17 13:17:39 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{0ED99981-F7C4-4CBE-A245-53D88E57D5A7}
[2011/06/17 01:17:07 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{6E60BBE3-1FBC-4D69-9B8D-3D76477B3DC6}
[2011/06/16 13:16:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{65157CF7-92C8-4BB4-BB81-782AEEA28DD1}
[2011/06/16 01:16:22 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{23C90654-E412-45DC-B5A9-970EFD093C79}
[2011/06/15 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{D3CFBFCE-148E-492E-A911-F04E99D3EA26}
[2011/06/14 21:32:21 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{2FED5398-DC6D-4416-A27B-DCA641D13EDE}
[2011/06/14 09:32:04 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{AB6FEDEC-69FD-4C84-9CA3-3F97FCD4639D}
[2011/06/13 21:31:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{AAEC998E-21F5-4166-90A8-38A1BE32CC35}
[2011/06/13 09:31:16 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{5EB1C7D1-FD89-427F-AFD8-98E8AC42D685}
[2011/06/12 21:29:40 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011/06/12 21:19:24 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2011/06/12 21:16:51 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{01809178-40BC-4E99-A1C2-60B614071B20}
[2011/06/12 19:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/06/12 09:16:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{F0EEF657-BEAA-40D7-932D-78E46590696E}
[2011/06/11 21:16:06 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{8C394661-B7DB-444F-AE50-71FAB723A612}
[2011/06/11 09:15:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{E9D9CB0F-7322-4CB1-B1EB-D08842743D34}
[2011/06/10 21:15:25 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{6F775895-4E82-4144-A77D-489DF3F1D0FC}
[2011/06/10 09:15:04 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{E90448F8-249A-4288-8D0B-E4DBC840E52E}

========== Files - Modified Within 30 Days ==========

[2011/07/10 02:22:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
[2011/07/10 01:02:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 01:02:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/09 17:02:27 | 000,091,044 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/07/09 17:02:27 | 000,091,044 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/07/09 17:02:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/08 15:34:26 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/07/08 15:32:28 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 15:30:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/07/04 20:00:12 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTEST.job
[2011/07/04 00:26:53 | 000,009,927 | ---- | M] () -- C:\Users\TEST\Desktop\hijackthis 6.4.11 12.26 AM
[2011/07/04 00:25:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\TEST\Desktop\HijackThis.exe
[2011/06/30 01:26:08 | 000,437,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/30 01:08:22 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/06/12 21:29:40 | 000,000,720 | ---- | M] () -- C:\Users\TEST\Desktop\EdenEternal.lnk

========== Files Created - No Company Name ==========

[2011/07/04 00:26:53 | 000,009,927 | ---- | C] () -- C:\Users\TEST\Desktop\hijackthis 6.4.11 12.26 AM
[2011/07/03 20:01:46 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/26 22:25:04 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrainWave Generator.lnk
[2011/06/12 21:29:40 | 000,000,720 | ---- | C] () -- C:\Users\TEST\Desktop\EdenEternal.lnk
[2011/04/27 22:31:02 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/07 03:00:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/29 02:14:51 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/29 02:14:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C68E9900AD.sys
[2010/10/14 02:49:18 | 000,011,264 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2010/09/06 22:57:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/09/06 22:57:29 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/09/06 22:57:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/09/06 22:57:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/09/06 22:57:29 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/09/06 22:57:29 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/09/06 22:57:29 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/09/06 22:57:29 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/09/06 22:57:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/09/06 22:57:29 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/09/06 22:57:29 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/09/06 22:57:29 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/09/06 22:57:29 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/09/06 22:57:29 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/09/06 22:57:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/09/06 22:57:28 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/06 22:49:23 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF500.ini
[2010/07/14 00:29:48 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/07/14 00:29:48 | 000,001,251 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-HypnoStudio1.dat
[2010/06/30 18:58:16 | 000,007,168 | ---- | C] () -- C:\Users\TEST\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 16:11:23 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/05/29 15:00:46 | 000,000,036 | ---- | C] () -- C:\Users\TEST\AppData\Local\housecall.guid.cache
[2010/05/27 03:21:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/26 04:06:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/26 04:06:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/24 02:23:27 | 000,091,044 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/24 02:23:27 | 000,091,044 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/24 02:14:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/23 18:58:25 | 000,000,112 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\wklnhst.dat
[2010/05/21 22:52:38 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/05/21 17:53:22 | 000,006,944 | ---- | C] () -- C:\Users\TEST\AppData\Local\d3d9caps.dat
[2010/01/18 16:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/12/19 07:46:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 00:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,437,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,658,206 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,125,686 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/01/01 00:05:05 | 000,048,926 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\nvModes.001
[2006/01/01 00:03:49 | 000,048,926 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\nvModes.dat
[2005/08/30 01:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/30 01:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/30 01:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2005/05/07 05:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 13:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[1999/01/12 11:40:22 | 000,029,184 | ---- | C] () -- C:\Windows\rmud.exe

========== LOP Check ==========

[2010/05/28 16:45:56 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\acccore
[2010/09/06 23:03:59 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Leadertech
[2010/09/14 21:46:05 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\RenPy
[2010/05/25 18:33:02 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\SecondLife
[2010/05/23 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Template
[2011/07/08 15:30:23 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 924 bytes -> C:\Windows\System32\drivers\apuvmbsz.sys:changelist
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:B1FBBD09
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 7/10/2011 2:23:14 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\TEST\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 45.88% Memory free
4.11 Gb Paging File | 2.65 Gb Available in Paging File | 64.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.20 Gb Total Space | 41.38 Gb Free Space | 39.34% Space Free | Partition Type: NTFS
Drive D: | 6.59 Gb Total Space | 0.61 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive E: | 167.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAKE | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037E2BC0-66A3-4A05-A819-4F80A2D2D42B}" = rport=139 | protocol=6 | dir=out | app=system |
"{120C51B4-7666-47D2-B1CA-8391EECA1809}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{14C386B0-C0FF-47EC-8DCF-02378C422FE1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1B98D8BD-761B-4E04-9C1F-9AA6AD2CABEC}" = lport=138 | protocol=17 | dir=in | app=system |
"{22DEAD76-BB7F-4E47-9858-9C1E8F014F5F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{25F3006C-FDA3-4BFE-9415-EEE259AC243E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{494BBB27-2F1B-4FEA-ADA7-9165A4F11F96}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B6A86D4-530E-4035-A60B-2556DED45C84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{61B1AA08-9CAB-4E93-A90B-B75921D4BF0D}" = lport=139 | protocol=6 | dir=in | app=system |
"{7DDDD4FE-54F7-4C0A-BD30-A13D0753A134}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7FE6BA08-B9E5-4E75-A5A3-636B7334E077}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{A00C7035-6927-4725-B286-BE04217650D5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B3069FC9-843B-4E87-AE49-9543C31A1D1D}" = lport=445 | protocol=6 | dir=in | app=system |
"{D490A94E-032C-4B50-A983-4FCA2970D7F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{D5B900DB-6BDA-450E-8588-FE7758C1AB38}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DCDE102F-C1B5-42D8-9F2D-24C9EFA0A0EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{FA110429-9441-405F-B682-BB54A5D20C19}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A60D78C-8615-468E-B5DF-35D0519E8CD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F6884F8-0177-44B7-9EF8-71B5D152521E}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{1F129598-9E55-4C67-9E21-0F70FFDBE5A9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2AFC187B-7AF4-4EBE-AB6D-7989BF1C595C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2C661351-696E-49A1-B90D-A37E190B9B6C}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{2FF32C75-75C7-443E-B4B7-3DB5200F63E8}" = protocol=58 | dir=in | [email protected],-28545 |
"{315C6BBB-32CA-416E-BEF9-DA8D10D154FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{370D3126-80CF-4581-A39C-9BB2F7C91351}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{42B3EBC5-5617-4D9F-B9E2-492D5D72B147}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4818D23F-1DAD-4222-B74B-69599BDE38FA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{53603BD5-EDCD-42C8-A1E1-45A69CB4E43A}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{55BD112C-5BEB-4B06-B257-B7A5B45995D3}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{6740508C-9802-4F3C-824B-AEF23C363805}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{6E3273CD-5E5E-40D5-B5AC-078E4418AA60}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{76C5B98F-E6AA-42F3-A332-1458E3C64FE4}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{79356EB1-27F8-4320-8C04-B9331C4B252C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7D5A52B9-20E0-4F41-B880-388850D1D1B6}" = protocol=1 | dir=out | [email protected],-28544 |
"{8912A1BC-E885-4AEE-8D53-15CABA8F9111}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8A797C5A-C872-4DBC-8F69-E8725C37DCD9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8ABEC5EA-1E3E-4A63-AB20-09EE895D60E9}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{94F97279-1463-4FEE-97A2-A18B778E385A}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{966946D9-E09E-44D5-A286-DA4583286CCD}" = protocol=1 | dir=in | [email protected],-28543 |
"{A058C8F2-981D-4F1E-86E3-AA1D88FFA5B5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A41F8896-BEA7-496D-B566-E88E99708941}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AE903308-19C0-4D4F-ADAE-CA341A258368}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{AFA52BB0-A0ED-4E79-82CB-F22A4AF79B66}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{B4F50AAC-D49B-4065-8F08-51B35141A1F3}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B7359019-F8BB-422B-BC76-BD9EBEAFF4C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C0CF6D8B-590D-407D-A3A6-E15BB6AD5C21}" = protocol=58 | dir=out | [email protected],-28546 |
"{C63840E6-1C87-4B86-84F2-6A6D771EB1B2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D08A38F4-8CA0-4979-8021-58773561345F}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{D47EEFA3-BF95-464E-B729-631996DBFBF3}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{DA70F032-0410-47A5-A1A8-8AC3263769EC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DA88E613-CDDC-447F-B269-6E997CF77C3D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DE0A8A78-9F7E-4BB2-9C18-0F88A696B8EB}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{E08BCE2F-D455-430E-8BA8-A0D1D00F2EF8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7B66B2D-4225-4383-8C50-495E33342EB3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EE3FB4DB-6D6B-4BE4-A8CE-5F74DFD27AC1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F1A52E91-A3D8-445E-AACF-E3AD8E27DBEA}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F2D9572C-6F9F-4401-B782-C5868CF22CE5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F44BA3B9-4616-451A-AF66-1A14A93135F0}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{5E2ECD6C-91CA-4603-919E-3B82CDB49C04}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{7E9ED192-A46E-4FC5-9A3A-0D6C6C9CB42C}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{C680BB1D-7FDF-43BE-BC10-BECE2D0B43B0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F61A4CE9-54B0-4DCE-B45C-B1BA0EBCBE68}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{41625E46-40AE-418D-B3EE-F6EA9E16EF2B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{502F5CC2-CD06-48D0-BA09-BF020EDA9359}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CED56A31-D656-4BAA-ABA5-EB53DA039682}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{EEFC008B-6655-47A8-A7D2-5E2BE8BA2FDE}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochure
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26ED4308-E0A5-4AE2-A1BC-7A55BC7DD32C}" = The Silver Lining
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro AntiVirus
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F626E006-C06C-466A-B133-92C1991385CA}" = ArcSoft Print Creations
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEE8C57-0BE4-42A9-ABCC-D7A4DCFDD26C}" = Billy 4.1
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs Zombies" = Plants vs. Zombies
"BrainWave Generator" = BrainWave Generator
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"Celtx (2.7)" = Celtx (2.7)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Corby" = Corby
"EdenEternal" = EdenEternal
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"HypnoHouse" = HypnoHouse 0.2
"HypnoStudio1" = HypnoStudio1
"HypnoTrainer_is1" = HypnoTrainer
"LHTTSENG" = L&H TTS3000 British English
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"MSDict" = Microsoft Dictation
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"Plants vs. Zombies" = Plants vs. Zombies
"PROR" = Microsoft Office Professional 2007
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TV3D65_is1" = TV3D SDK 6.5 Prerelease
"Virtual Hypnotist" = Virtual Hypnotist 5.8
"Virtual Hypnotist Expansion Pack" = Virtual Hypnotist Expansion Pack 2.0
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2011 10:39:56 AM | Computer Name = Jake | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2855

Error - 7/7/2011 10:39:56 AM | Computer Name = Jake | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2855

Error - 7/7/2011 10:39:58 AM | Computer Name = Jake | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/7/2011 10:39:58 AM | Computer Name = Jake | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3978

Error - 7/7/2011 10:39:58 AM | Computer Name = Jake | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3978

Error - 7/7/2011 10:39:59 AM | Computer Name = Jake | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/7/2011 10:39:59 AM | Computer Name = Jake | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4976

Error - 7/7/2011 10:39:59 AM | Computer Name = Jake | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4976

Error - 7/8/2011 5:33:57 PM | Computer Name = Jake | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,
exception code 0xc0000005, fault offset 0x001093db, process id 0x10dc, application
start time 0x01cc3db5a755b280.

Error - 7/8/2011 6:26:57 PM | Computer Name = Jake | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,
exception code 0xc0000005, fault offset 0x001093db, process id 0x133c, application
start time 0x01cc3dbe055c2ff0.

[ OSession Events ]
Error - 10/26/2010 4:48:09 AM | Computer Name = Jake | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 62
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/6/2011 6:02:35 AM | Computer Name = Jake | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/7/2011 6:01:13 AM | Computer Name = Jake | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/7/2011 6:07:31 AM | Computer Name = Jake | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/7/2011 11:38:29 AM | Computer Name = Jake | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 7/8/2011 6:01:15 AM | Computer Name = Jake | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/8/2011 6:03:59 AM | Computer Name = Jake | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/8/2011 6:29:36 PM | Computer Name = Jake | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/8/2011 6:29:50 PM | Computer Name = Jake | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/9/2011 6:00:53 AM | Computer Name = Jake | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 7/9/2011 6:02:53 AM | Computer Name = Jake | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 10 July 2011 - 07:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets try this first and see what results we get

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/07/10 02:16:28 | 000,041,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\apuvmbsz.sys -- (apuvmbsz)
    @Alternate Data Stream - 924 bytes -> C:\Windows\System32\drivers\apuvmbsz.sys:changelist

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#3
Itachirumon
Posted 10 July 2011 - 10:31 AM

Itachirumon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Wow, thank you so much for getting back to me so fast!

--------------------------------

OTL logfile created on: 7/10/2011 9:22:29 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\TEST\Desktop\Rootkit Wars 2011
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 47.92% Memory free
4.11 Gb Paging File | 2.89 Gb Available in Paging File | 70.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.20 Gb Total Space | 42.13 Gb Free Space | 40.04% Space Free | Partition Type: NTFS
Drive D: | 6.59 Gb Total Space | 0.61 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive E: | 167.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAKE | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 02:22:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\TEST\Desktop\Rootkit Wars 2011\OTL.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/01/26 17:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/02/21 22:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIEQA.EXE
PRC - [2006/11/24 16:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 16:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006/10/10 17:44:10 | 000,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe


========== Modules (SafeList) ==========

MOD - [2011/07/10 02:22:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\TEST\Desktop\Rootkit Wars 2011\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/06/28 17:45:37 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/24 16:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 16:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/26 10:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/07/10 09:16:27 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{812F0368-0543-4E4F-88CB-68CC9BBA1C51}\MpKsl6e7886d4.sys -- (MpKsl6e7886d4)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/18 16:39:06 | 000,003,200 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/18 12:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/15 10:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 05:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 03:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/09/15 01:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/16 22:50:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 22:50:48 | 000,000,000 | ---D | M]

[2010/10/08 16:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\mozilla\Extensions
[2011/06/19 02:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\rpx2zr01.default\extensions
[2010/10/15 03:09:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\rpx2zr01.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/26 00:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/07 02:59:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/26 00:54:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/26 00:53:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/10 08:58:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/19 08:45:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -H-- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2010/06/23 12:19:29 | 000,000,049 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 08:57:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/10 03:10:28 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\Rootkit Wars 2011
[2011/07/08 15:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/05 20:51:57 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{58620F0F-D8BF-422D-89AC-0F99907EF7FB}
[2011/07/03 19:53:24 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Trend Micro
[2011/07/03 19:10:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\lptmp31350
[2011/07/03 18:59:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{94E7A161-5A7B-460F-BD45-76DE70D977A9}
[2011/07/03 18:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/07/03 18:58:27 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\PackageAware
[2011/06/29 20:32:41 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{3A31061A-BDDF-4289-8267-69A33278C7CA}
[2011/06/26 22:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\BrainWave Generator
[2011/06/26 00:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/21 00:04:12 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{4F142BAE-08FF-41D9-989A-6773DE038679}
[2011/06/20 12:03:17 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{4223E5E8-AB54-4073-8B20-C1CA3911F78A}
[2011/06/20 00:02:42 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{BA2E0AFB-6584-4CB3-BEE2-D56160935430}
[2011/06/19 14:26:14 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{1780D503-6F03-4B9C-9BD9-E53297449C66}
[2011/06/19 01:18:21 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{2B462EFD-A6B5-4430-AB95-0182479C7CD3}
[2011/06/18 13:18:03 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{A86B9B44-0231-460C-AE7F-E93C8D17F898}
[2011/06/18 01:17:57 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{081167D4-0030-4FC3-9561-62D67AC75C32}
[2011/06/17 13:17:39 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{0ED99981-F7C4-4CBE-A245-53D88E57D5A7}
[2011/06/17 01:17:07 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{6E60BBE3-1FBC-4D69-9B8D-3D76477B3DC6}
[2011/06/16 13:16:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{65157CF7-92C8-4BB4-BB81-782AEEA28DD1}
[2011/06/16 01:16:22 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{23C90654-E412-45DC-B5A9-970EFD093C79}
[2011/06/15 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{D3CFBFCE-148E-492E-A911-F04E99D3EA26}
[2011/06/14 21:32:21 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{2FED5398-DC6D-4416-A27B-DCA641D13EDE}
[2011/06/14 09:32:04 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{AB6FEDEC-69FD-4C84-9CA3-3F97FCD4639D}
[2011/06/13 21:31:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{AAEC998E-21F5-4166-90A8-38A1BE32CC35}
[2011/06/13 09:31:16 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{5EB1C7D1-FD89-427F-AFD8-98E8AC42D685}
[2011/06/12 21:29:40 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011/06/12 21:19:24 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2011/06/12 21:16:51 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{01809178-40BC-4E99-A1C2-60B614071B20}
[2011/06/12 19:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/06/12 09:16:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{F0EEF657-BEAA-40D7-932D-78E46590696E}
[2011/06/11 21:16:06 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{8C394661-B7DB-444F-AE50-71FAB723A612}
[2011/06/11 09:15:47 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{E9D9CB0F-7322-4CB1-B1EB-D08842743D34}
[2011/06/10 21:15:25 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\{6F775895-4E82-4144-A77D-489DF3F1D0FC}

========== Files - Modified Within 30 Days ==========

[2011/07/10 09:19:04 | 000,091,044 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/07/10 09:18:59 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/07/10 09:16:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 09:16:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 09:16:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/10 09:16:12 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/10 09:14:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/07/10 08:58:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/09 17:02:27 | 000,091,044 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/07/04 20:00:12 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTEST.job
[2011/06/30 01:26:08 | 000,437,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/30 01:08:22 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/06/12 21:29:40 | 000,000,720 | ---- | M] () -- C:\Users\TEST\Desktop\EdenEternal.lnk

========== Files Created - No Company Name ==========

[2011/07/03 20:01:46 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/26 22:25:04 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrainWave Generator.lnk
[2011/06/12 21:29:40 | 000,000,720 | ---- | C] () -- C:\Users\TEST\Desktop\EdenEternal.lnk
[2011/04/27 22:31:02 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/07 03:00:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/29 02:14:51 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/29 02:14:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C68E9900AD.sys
[2010/10/14 02:49:18 | 000,011,264 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2010/09/06 22:57:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/09/06 22:57:29 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/09/06 22:57:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/09/06 22:57:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/09/06 22:57:29 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/09/06 22:57:29 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/09/06 22:57:29 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/09/06 22:57:29 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/09/06 22:57:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/09/06 22:57:29 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/09/06 22:57:29 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/09/06 22:57:29 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/09/06 22:57:29 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/09/06 22:57:29 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/09/06 22:57:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/09/06 22:57:28 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/06 22:49:23 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF500.ini
[2010/07/14 00:29:48 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/07/14 00:29:48 | 000,001,251 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-HypnoStudio1.dat
[2010/06/30 18:58:16 | 000,007,168 | ---- | C] () -- C:\Users\TEST\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 16:11:23 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/05/29 15:00:46 | 000,000,036 | ---- | C] () -- C:\Users\TEST\AppData\Local\housecall.guid.cache
[2010/05/27 03:21:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/26 04:06:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/26 04:06:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/24 02:23:27 | 000,091,044 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/24 02:23:27 | 000,091,044 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/24 02:14:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/23 18:58:25 | 000,000,112 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\wklnhst.dat
[2010/05/21 22:52:38 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/05/21 17:53:22 | 000,006,944 | ---- | C] () -- C:\Users\TEST\AppData\Local\d3d9caps.dat
[2010/01/18 16:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/12/19 07:46:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 00:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,437,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,658,206 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,125,686 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/01/01 00:05:05 | 000,048,926 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\nvModes.001
[2006/01/01 00:03:49 | 000,048,926 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\nvModes.dat
[2005/08/30 01:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/30 01:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/30 01:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2005/05/07 05:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 13:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[1999/01/12 11:40:22 | 000,029,184 | ---- | C] () -- C:\Windows\rmud.exe

========== LOP Check ==========

[2010/05/28 16:45:56 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\acccore
[2010/09/06 23:03:59 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Leadertech
[2010/09/14 21:46:05 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\RenPy
[2010/05/25 18:33:02 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\SecondLife
[2010/05/23 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\Template
[2011/07/10 09:14:42 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:B1FBBD09
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


2011/07/10 09:27:23.0070 2624 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/10 09:27:23.0601 2624 ================================================================================
2011/07/10 09:27:23.0601 2624 SystemInfo:
2011/07/10 09:27:23.0601 2624
2011/07/10 09:27:23.0601 2624 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/10 09:27:23.0601 2624 Product type: Workstation
2011/07/10 09:27:23.0601 2624 ComputerName: JAKE
2011/07/10 09:27:23.0601 2624 UserName: TEST
2011/07/10 09:27:23.0601 2624 Windows directory: C:\Windows
2011/07/10 09:27:23.0601 2624 System windows directory: C:\Windows
2011/07/10 09:27:23.0601 2624 Processor architecture: Intel x86
2011/07/10 09:27:23.0601 2624 Number of processors: 2
2011/07/10 09:27:23.0601 2624 Page size: 0x1000
2011/07/10 09:27:23.0601 2624 Boot type: Normal boot
2011/07/10 09:27:23.0601 2624 ================================================================================
2011/07/10 09:27:24.0864 2624 Initialize success
2011/07/10 09:27:32.0050 1424 ================================================================================
2011/07/10 09:27:32.0050 1424 Scan started
2011/07/10 09:27:32.0050 1424 Mode: Manual;
2011/07/10 09:27:32.0050 1424 ================================================================================
2011/07/10 09:27:32.0923 1424 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/10 09:27:33.0048 1424 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/10 09:27:33.0126 1424 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/10 09:27:33.0251 1424 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/10 09:27:33.0313 1424 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/10 09:27:33.0438 1424 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/10 09:27:33.0547 1424 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/10 09:27:33.0657 1424 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/10 09:27:33.0781 1424 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/07/10 09:27:33.0859 1424 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/10 09:27:33.0937 1424 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/07/10 09:27:34.0078 1424 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/10 09:27:34.0171 1424 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/10 09:27:34.0281 1424 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/10 09:27:34.0421 1424 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/10 09:27:34.0702 1424 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/10 09:27:34.0795 1424 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/10 09:27:34.0998 1424 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/10 09:27:35.0123 1424 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/10 09:27:35.0248 1424 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/10 09:27:35.0482 1424 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/10 09:27:35.0560 1424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/10 09:27:35.0622 1424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/10 09:27:35.0700 1424 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/07/10 09:27:35.0716 1424 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
2011/07/10 09:27:35.0872 1424 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/10 09:27:35.0934 1424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/10 09:27:36.0043 1424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/10 09:27:36.0137 1424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/10 09:27:36.0215 1424 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/10 09:27:36.0340 1424 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/10 09:27:36.0433 1424 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/10 09:27:36.0543 1424 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/07/10 09:27:36.0683 1424 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/10 09:27:36.0855 1424 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/10 09:27:36.0948 1424 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/10 09:27:37.0026 1424 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/10 09:27:37.0120 1424 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/10 09:27:37.0323 1424 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/10 09:27:37.0401 1424 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/07/10 09:27:37.0479 1424 CnxtHdAudService (a4d44ab8423791db757b38150ec599a4) C:\Windows\system32\drivers\CHDRT32.sys
2011/07/10 09:27:37.0650 1424 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/10 09:27:37.0728 1424 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/10 09:27:37.0791 1424 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/10 09:27:37.0931 1424 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/10 09:27:38.0118 1424 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/10 09:27:38.0212 1424 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/10 09:27:38.0337 1424 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/10 09:27:38.0461 1424 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/07/10 09:27:38.0586 1424 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/10 09:27:38.0773 1424 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/10 09:27:38.0898 1424 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/10 09:27:39.0070 1424 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/10 09:27:39.0226 1424 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/10 09:27:39.0304 1424 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/10 09:27:39.0429 1424 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/10 09:27:39.0553 1424 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/10 09:27:39.0616 1424 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/10 09:27:39.0756 1424 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/10 09:27:39.0834 1424 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/10 09:27:39.0928 1424 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/10 09:27:40.0068 1424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/10 09:27:40.0224 1424 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/07/10 09:27:40.0302 1424 HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
2011/07/10 09:27:40.0427 1424 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/10 09:27:40.0552 1424 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/10 09:27:40.0661 1424 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/10 09:27:40.0770 1424 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/10 09:27:40.0879 1424 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/10 09:27:40.0973 1424 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/07/10 09:27:41.0113 1424 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/10 09:27:41.0238 1424 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/07/10 09:27:41.0379 1424 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/07/10 09:27:41.0472 1424 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/10 09:27:41.0581 1424 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/10 09:27:41.0675 1424 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/10 09:27:41.0815 1424 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/10 09:27:41.0971 1424 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/10 09:27:42.0081 1424 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/10 09:27:42.0159 1424 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/07/10 09:27:42.0283 1424 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/10 09:27:42.0377 1424 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/10 09:27:42.0502 1424 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/10 09:27:42.0595 1424 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/10 09:27:42.0720 1424 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/10 09:27:42.0783 1424 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/07/10 09:27:42.0907 1424 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/10 09:27:43.0017 1424 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/10 09:27:43.0079 1424 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/10 09:27:43.0173 1424 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/10 09:27:43.0266 1424 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/10 09:27:43.0375 1424 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/10 09:27:43.0500 1424 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/10 09:27:43.0609 1424 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/10 09:27:43.0703 1424 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/10 09:27:43.0797 1424 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/10 09:27:43.0890 1424 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/10 09:27:44.0015 1424 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/10 09:27:44.0155 1424 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/10 09:27:44.0265 1424 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/10 09:27:44.0374 1424 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/10 09:27:44.0499 1424 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/10 09:27:44.0592 1424 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/10 09:27:44.0701 1424 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/10 09:27:44.0811 1424 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/07/10 09:27:44.0889 1424 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/10 09:27:45.0185 1424 MpKsl6e7886d4 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{812F0368-0543-4E4F-88CB-68CC9BBA1C51}\MpKsl6e7886d4.sys
2011/07/10 09:27:45.0481 1424 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/07/10 09:27:45.0559 1424 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/10 09:27:45.0653 1424 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/10 09:27:45.0715 1424 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/10 09:27:45.0825 1424 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/10 09:27:45.0949 1424 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/10 09:27:46.0012 1424 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/10 09:27:46.0090 1424 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/07/10 09:27:46.0152 1424 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/10 09:27:46.0246 1424 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/10 09:27:46.0402 1424 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/10 09:27:46.0511 1424 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/10 09:27:46.0605 1424 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/10 09:27:46.0683 1424 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/10 09:27:46.0761 1424 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/10 09:27:46.0901 1424 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/10 09:27:47.0010 1424 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/10 09:27:47.0088 1424 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/10 09:27:47.0197 1424 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/10 09:27:47.0338 1424 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/10 09:27:47.0509 1424 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/10 09:27:47.0603 1424 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/10 09:27:47.0712 1424 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/10 09:27:47.0790 1424 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/10 09:27:47.0915 1424 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/10 09:27:48.0009 1424 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/10 09:27:48.0149 1424 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/10 09:27:48.0274 1424 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/10 09:27:48.0430 1424 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/10 09:27:48.0586 1424 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/10 09:27:48.0726 1424 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/10 09:27:48.0820 1424 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/10 09:27:48.0929 1424 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/07/10 09:27:49.0319 1424 nvlddmkm (d65bc32c1795191b7f2b028351ab4fe2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/10 09:27:49.0662 1424 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/10 09:27:49.0771 1424 nvsmu (adfdd343b1d3a9e061f17c730f1e83dc) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/07/10 09:27:49.0849 1424 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/10 09:27:49.0959 1424 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/10 09:27:50.0208 1424 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/10 09:27:50.0349 1424 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/10 09:27:50.0458 1424 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/10 09:27:50.0536 1424 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/10 09:27:50.0614 1424 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/10 09:27:50.0707 1424 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/10 09:27:50.0785 1424 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/10 09:27:50.0988 1424 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/10 09:27:51.0191 1424 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/10 09:27:51.0253 1424 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/10 09:27:51.0378 1424 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/10 09:27:51.0472 1424 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/10 09:27:51.0597 1424 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/10 09:27:51.0690 1424 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/10 09:27:51.0784 1424 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/10 09:27:51.0893 1424 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/10 09:27:52.0002 1424 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/10 09:27:52.0080 1424 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/10 09:27:52.0174 1424 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/10 09:27:52.0283 1424 rcmirror (a7bad9853a70e2e7808be027efe0522a) C:\Windows\system32\DRIVERS\rcmirror.sys
2011/07/10 09:27:52.0423 1424 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/10 09:27:52.0501 1424 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/10 09:27:52.0657 1424 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/10 09:27:52.0704 1424 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/10 09:27:52.0813 1424 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/10 09:27:52.0954 1424 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/10 09:27:53.0063 1424 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/07/10 09:27:53.0125 1424 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/07/10 09:27:53.0219 1424 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/07/10 09:27:53.0328 1424 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/10 09:27:53.0437 1424 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/10 09:27:53.0562 1424 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/10 09:27:53.0656 1424 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/10 09:27:53.0734 1424 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/10 09:27:53.0796 1424 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/10 09:27:53.0905 1424 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/10 09:27:54.0030 1424 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/10 09:27:54.0124 1424 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/10 09:27:54.0202 1424 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/10 09:27:54.0249 1424 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/10 09:27:54.0342 1424 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/10 09:27:54.0467 1424 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/10 09:27:54.0529 1424 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/10 09:27:54.0654 1424 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/10 09:27:54.0763 1424 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/10 09:27:54.0888 1424 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/10 09:27:55.0013 1424 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/10 09:27:55.0153 1424 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/10 09:27:55.0294 1424 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/10 09:27:55.0372 1424 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/10 09:27:55.0450 1424 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/10 09:27:55.0497 1424 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/10 09:27:55.0637 1424 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/10 09:27:55.0809 1424 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/10 09:27:55.0933 1424 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/10 09:27:55.0980 1424 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/10 09:27:56.0105 1424 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/10 09:27:56.0230 1424 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/10 09:27:56.0339 1424 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/10 09:27:56.0448 1424 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/10 09:27:56.0635 1424 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/10 09:27:56.0745 1424 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/10 09:27:56.0838 1424 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/10 09:27:56.0932 1424 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/10 09:27:57.0057 1424 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/10 09:27:57.0275 1424 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/10 09:27:57.0353 1424 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/10 09:27:57.0431 1424 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/10 09:27:57.0525 1424 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/10 09:27:57.0618 1424 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/10 09:27:57.0727 1424 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/10 09:27:57.0805 1424 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/10 09:27:57.0899 1424 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/10 09:27:58.0024 1424 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/10 09:27:58.0086 1424 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/10 09:27:58.0195 1424 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/10 09:27:58.0289 1424 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/10 09:27:58.0445 1424 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/10 09:27:58.0539 1424 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/10 09:27:58.0632 1424 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/10 09:27:58.0757 1424 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/10 09:27:58.0835 1424 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/10 09:27:58.0944 1424 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/07/10 09:27:59.0022 1424 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/10 09:27:59.0100 1424 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/07/10 09:27:59.0194 1424 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/10 09:27:59.0319 1424 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/10 09:27:59.0428 1424 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/10 09:27:59.0506 1424 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/10 09:27:59.0615 1424 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/10 09:27:59.0740 1424 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/10 09:27:59.0787 1424 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/10 09:27:59.0911 1424 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/10 09:27:59.0989 1424 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/10 09:28:00.0208 1424 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/10 09:28:00.0457 1424 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/10 09:28:00.0598 1424 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/10 09:28:00.0723 1424 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/10 09:28:00.0801 1424 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
2011/07/10 09:28:00.0894 1424 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
2011/07/10 09:28:00.0941 1424 Boot (0x1200) (ffa6380a649133c5bc9c6d8775e0cabf) \Device\Harddisk0\DR0\Partition0
2011/07/10 09:28:00.0972 1424 Boot (0x1200) (3f1a6ccaa00cf9964fc8246311b7ea2c) \Device\Harddisk0\DR0\Partition1
2011/07/10 09:28:00.0972 1424 ================================================================================
2011/07/10 09:28:00.0972 1424 Scan finished
2011/07/10 09:28:00.0972 1424 ================================================================================
2011/07/10 09:28:01.0003 5780 Detected object count: 0
2011/07/10 09:28:01.0003 5780 Actual detected object count: 0
2011/07/10 09:28:08.0164 1600 Deinitialize success
  • 0

#4
Essexboy
Posted 10 July 2011 - 11:03 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No sign of aleurion

How is your computer behaving ?
  • 0

#5
Itachirumon
Posted 10 July 2011 - 12:25 PM

Itachirumon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Seems to be running a bit smoother, horray! It's even letting me run Windows Update again, although the updates failed, Code 66A (it wasn't even getting that far before though). Now I guess the next step is figuring out how to fix the 66A and get Trend working again (or, preferribly, getting it off there and putting Webroot on there). A click-test showed that it won't boot up.
  • 0

#6
Essexboy
Posted 10 July 2011 - 12:30 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try the trend removal tool from here please

Then make a note of the full error code please, as it may be trend firewall blocking it
  • 0

#7
Itachirumon
Posted 10 July 2011 - 12:53 PM

Itachirumon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
When I run the Trend uninstaller it starts to uninstall for about 3-5 seconds, then becomes unresponsive/crashes. I'm going to try following the instructions on their site and try again in safe mode, I'll post the results as an edit to this post.

The full code for the windows update error is "WindowsUpdate_0000066A"

Edit: No luck, it fails even in safe mode.

Edited by Itachirumon, 10 July 2011 - 01:05 PM.

  • 0

#8
Essexboy
Posted 10 July 2011 - 02:08 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will try to remove it using a different tool

But first go to this MS website and run the fixit about one third of the way down and then try updates again
If a normal run fails then rerun it in the aggresive mode :)


Download AppRemover .

Run appremover
Click Next >>
Posted Image


Ensure "Remove Security Application" is collected and click Next >>
Posted Image


AppRemover will scan all the security applications on your PC
Posted Image

Select Any Trend Micro entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot,please do so.
  • 0

#9
Itachirumon
Posted 10 July 2011 - 08:49 PM

Itachirumon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Back after a long nap! Alright, I ended up having to run the fix in aggressive mode, it appeared to update normally, coming up with the same 3 updates as before the fix, only for them to fail again, same 66A code as above (well, 2 of them anyway, I'm trying to not let it install IE 9.. not thrilled with the format after seeing it on mom's laptop).

The App remover appears to have worked, no sign of Trend in the program files (except for a tiny 64kb log that I don't think was associated with the program).
  • 0

#10
Essexboy
Posted 11 July 2011 - 11:08 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets use the standalone SP1 package. With regards to the netframework updates, they could be a pig to get working but we will see if the SP1 helps first

Download and install the SP1 update from Here

Once done then retry the net updates and let me know what problems remain
  • 0

Advertisements

#11
Itachirumon
Posted 12 July 2011 - 08:03 AM

Itachirumon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
The install unfortunately failed, when it went to install it says it was already installed (I think I have SP2 at this point actually). Just to see, I tried updating again but no luck.
  • 0

#12
Essexboy
Posted 12 July 2011 - 10:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I think I am a total numpty as I had it in my head that you had no service packs - even though the log states SP2

What are the KB numbers of the failing updates please - you should be able to get that from windows update history
  • 0

#13
Itachirumon
Posted 12 July 2011 - 11:16 AM

Itachirumon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
lol no worries, I've done that kinda thing myself.

KB2478663 and KB2446708
  • 0

#14
Essexboy
Posted 12 July 2011 - 11:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK they are both netframework updates and MS has a history of those going pearshaped. There are several options for this, but the easiest one I have found so far is this. Could you give it a whirl, as the other ways of fixing this are extremely time consuming and painful. Apart from that do you have any other problems

Went to Control Panel> programs and features> framework 4 client profile> uninstall. The dialogue box gives you a choice of repair or uninstall. Chose repair. It took quite a while and thought it had hung half way thru but it completed ok. Reinstalled KB 2446708 and again it also appeared to hang midway but it completed successfully


  • 0

#15
Itachirumon
Posted 12 July 2011 - 12:14 PM

Itachirumon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
It says "the installation is forbidden by system policy. Contact your system administrator" other than that, I'm still trying to get Webroot on there, even with Trend off it doesn't seem like it wants to load the program. It boots up, goes through two "loading bar" boxes and then.. stops. I dunno if that would be a matter best left to another board. And beyond that things seem to be running perfectly, I'm very grateful, this site has helped me so much.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP