Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FakeYak Removal Help!


  • This topic is locked This topic is locked

#1
joeveli

joeveli

    Member

  • Member
  • PipPip
  • 14 posts
Hello. My desktop computer recently was infected by several viruses after my son attempted to download a ringtone on the internet. I can typically solve most malware/virus related issues on my own using the self-help guides on your website. On this occasion I was somewhat successful but after several tries I cannot remove all of the infections. Windows Defender is catching the FakeYak trojan upon regular startup and I am having other problems as well such as the computer running slow and high network activity.

I booted in safemode and was able to generate the below OTL logs. Please help!!!!!!

OTL logfile created on: 9/1/2011 10:25:18 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Joey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 71.25% Memory free
3.98 Gb Paging File | 3.58 Gb Available in Paging File | 89.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.75 Gb Total Space | 132.75 Gb Free Space | 36.50% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.21 Gb Free Space | 13.61% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Joey | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/01 22:10:28 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Downloads\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/04/15 23:23:48 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/06/30 04:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/04/02 10:11:16 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/05 19:12:20] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/04/11 00:45:37 | 000,185,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/26 11:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/07 06:36:08 | 000,156,928 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xcbda.sys -- (xcbdaNtsc) ViXS Tuner Card (NTSC)
DRV - [2007/05/03 14:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/04/20 13:21:18 | 000,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/28 11:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Joey\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/05 20:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B56F951B-30F9-49D5-BB06-FD1EF8026474}: C:\Users\Joey\AppData\Local\{B56F951B-30F9-49D5-BB06-FD1EF8026474}\ [2011/08/29 23:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/24 22:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 22:16:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/05 20:38:53 | 000,000,000 | ---D | M]

[2008/06/20 16:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions
[2010/12/27 22:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions
[2009/08/07 17:46:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/03 22:35:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/03 23:12:58 | 000,000,000 | ---D | M] ("AIM Toolbar") -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/01/14 22:38:28 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\[email protected]
[2010/03/14 17:18:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\[email protected]
[2009/04/03 23:13:04 | 000,001,739 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\searchplugins\aim-search.xml
[2010/12/27 22:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/04 22:58:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/28 18:59:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*advauthcfg.exe] C:\Windows\advauthcfg.exe (My© Systems)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12042BB1-7D46-4DFE-8ECB-8823F1CE7141}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8035D4B1-BA80-4384-A74A-C87B5FED013D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/15 19:59:40 | 000,000,121 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/01 22:22:24 | 000,094,208 | ---- | C] (My© Systems) -- C:\Windows\advauthcfg.exe
[2011/08/31 19:07:27 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Remote
[2011/08/31 19:06:15 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/31 19:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 19:06:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/31 19:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/30 01:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/08/29 23:09:35 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{B56F951B-30F9-49D5-BB06-FD1EF8026474}
[2011/08/29 23:09:06 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\C83171C5602057EA06DCB262ED0230A3
[2011/08/22 20:42:29 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\File Me Singles
[2011/08/14 19:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Premium Visio
[2011/08/14 19:41:34 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Premium Visio
[2011/08/14 19:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Premium Visio
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/01 22:22:24 | 000,094,208 | ---- | M] (My© Systems) -- C:\Windows\advauthcfg.exe
[2011/09/01 22:21:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/01 22:18:50 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/01 22:18:50 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/01 22:18:06 | 000,609,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/01 22:18:06 | 000,105,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/01 22:15:42 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/01 22:12:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/01 22:11:45 | 004,194,304 | ---- | M] () -- C:\Windows\System32\qnbwvoto.dll
[2011/09/01 21:45:34 | 000,001,356 | ---- | M] () -- C:\Users\Joey\AppData\Local\d3d9caps.dat
[2011/09/01 21:03:37 | 000,000,905 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/01 00:25:40 | 000,002,141 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/01 00:25:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/01 00:14:33 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/09/01 00:14:33 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/09/01 00:14:05 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/31 19:06:15 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 18:56:41 | 254,091,255 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/30 07:20:47 | 000,000,120 | ---- | M] () -- C:\Users\Joey\AppData\Local\Gbojohuni.dat
[2011/08/30 01:11:25 | 000,000,000 | ---- | M] () -- C:\Users\Joey\AppData\Local\Pmowadoqevo.bin
[2011/08/28 22:01:21 | 000,508,324 | ---- | M] () -- C:\Users\Joey\Documents\2010 W2 Matt Cherry.pdf
[2011/08/03 20:02:06 | 000,004,155 | ---- | M] () -- C:\Users\Joey\Desktop\Longhorn_RSoD.png
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/01 22:11:45 | 004,194,304 | ---- | C] () -- C:\Windows\System32\qnbwvoto.dll
[2011/09/01 00:14:05 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/31 19:06:15 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/29 23:09:37 | 000,000,120 | ---- | C] () -- C:\Users\Joey\AppData\Local\Gbojohuni.dat
[2011/08/29 23:09:37 | 000,000,000 | ---- | C] () -- C:\Users\Joey\AppData\Local\Pmowadoqevo.bin
[2011/08/28 22:01:20 | 000,508,324 | ---- | C] () -- C:\Users\Joey\Documents\2010 W2 Matt Cherry.pdf
[2011/08/03 20:08:44 | 000,004,155 | ---- | C] () -- C:\Users\Joey\Desktop\Longhorn_RSoD.png
[2011/03/21 21:08:34 | 000,166,693 | ---- | C] () -- C:\Windows\hphins28.dat
[2010/08/05 20:38:40 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/05 20:31:20 | 000,077,375 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/07/31 19:12:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/31 19:12:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/31 19:12:17 | 000,185,856 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2009/04/15 23:23:47 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2008/09/07 22:04:34 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/09/07 22:04:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/19 19:59:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/30 22:01:45 | 000,084,480 | ---- | C] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/18 00:57:44 | 000,001,611 | ---- | C] () -- C:\Windows\hphmdl28.dat
[2008/06/17 21:37:23 | 000,001,356 | ---- | C] () -- C:\Users\Joey\AppData\Local\d3d9caps.dat
[2008/06/08 20:45:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/22 16:51:03 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/22 16:38:39 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/22 16:36:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/22 16:36:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 08:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,478,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,268 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2000/06/12 01:37:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mtstack.exe

========== LOP Check ==========

[2009/04/15 22:05:27 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Autodesk
[2011/08/27 21:11:22 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Azureus
[2011/08/29 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\C83171C5602057EA06DCB262ED0230A3
[2010/12/05 19:33:18 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Canneverbe Limited
[2009/04/15 23:25:09 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\EDrawings
[2010/10/05 19:54:24 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Elluminate
[2010/08/19 22:04:19 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\FileOpen
[2009/07/27 21:56:59 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\GARMIN
[2010/03/14 20:46:38 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\PDF Writer
[2011/08/31 19:07:27 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Remote
[2008/05/26 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Snapfish
[2009/04/07 23:10:01 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\WinBatch
[2011/09/01 22:18:41 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

OTL Extras logfile created on: 9/1/2011 10:25:18 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Joey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 71.25% Memory free
3.98 Gb Paging File | 3.58 Gb Available in Paging File | 89.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.75 Gb Total Space | 132.75 Gb Free Space | 36.50% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.21 Gb Free Space | 13.61% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Joey | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048B3B0A-5A13-4DE4-9C75-F2675B79FAE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0786797B-C15E-44E7-A2E6-24B7E898D518}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0C1AA390-72D6-4CCE-B60E-3BC0D9D57311}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DFB64B0-77C0-4038-A6AA-667891033C1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C1C9FFB-123A-43E7-8029-B0A9F65B0D75}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1EF56439-6C5D-4BFC-B07D-B70AE69F771E}" = lport=139 | protocol=6 | dir=in | app=system |
"{33CC4D02-3744-43DA-8E70-4874F1F0786C}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{34A9966E-0019-4113-84F2-05D579E1EC05}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{373BB5C8-D870-4E59-92D2-BAC9FFCB5579}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52F66278-7367-4B89-8ED7-70C38B5E3D3B}" = lport=138 | protocol=17 | dir=in | app=system |
"{5A129886-FE02-40AB-924A-B7C370725202}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E6D1241-6957-4975-9341-B8D332475CD9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5EF9F1C7-A170-468F-8F46-ED5344B88B43}" = rport=445 | protocol=6 | dir=out | app=system |
"{6870E1F5-ED93-4128-AFEE-99A22FB46688}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6B25DCFE-1052-41BF-B1AF-39FD4ABA660F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{731F86FF-AE7D-4068-A367-D49A4A8C27DD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89F05C19-B76F-4A2B-96B5-DC852B7D0A20}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{8F3C178F-A69C-4D62-A17C-05205E6BEB7A}" = rport=137 | protocol=17 | dir=out | app=system |
"{9AF7F0A7-6EA2-4E5D-8940-9AA79CE52D54}" = rport=138 | protocol=17 | dir=out | app=system |
"{C713E234-9D54-4DD8-AF4B-6468E6DD977D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D83691DE-3596-4679-A74B-9B26A781410B}" = lport=445 | protocol=6 | dir=in | app=system |
"{D9ABB628-4689-4C7B-9491-DB87ECF49AE6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DA5C1C11-A0B8-4185-A425-C4005E0E889A}" = lport=137 | protocol=17 | dir=in | app=system |
"{DE4A625C-6DD6-40A4-8362-7802EDBCEC88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1A53A9F-4120-4B94-9E95-DD8A2673AD19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E832EDA8-422C-437F-9E32-3EF2ECAD0246}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F99B9CFF-E07F-46C7-A81D-AA4C8BC44CDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA6C6593-EE0E-4546-9139-E9E9574C9321}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FCC0C1F6-6AD4-4908-A520-A0BA22573408}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0062F78D-88D0-4265-909D-B2E2D2AC0C0D}" = protocol=58 | dir=in | [email protected],-28545 |
"{0710D09C-5F3B-4D75-BD4A-A69220A5B14B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{1B8325BE-155C-4902-B290-BF4A8A2FF3F3}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{28DB1ECF-D5D3-48DB-860F-E18CC8893767}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2B626C84-78C7-4EC1-BE1E-BB235BBC050E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{31F71EF0-EE0D-4ED1-BF7B-4C47F8B6BCAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E8BA516-7ECD-43ED-9092-6D1B8B56A95A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{403E503B-EA2C-411A-9518-40078FD57CA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42265C86-FD61-4BAF-A9F8-699475FA0CF3}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{462BCDC1-31AF-4BE5-92D4-8D73180CCC69}" = protocol=1 | dir=out | [email protected],-28544 |
"{48B85392-EC94-4B78-B076-58FA08692DBB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4F03ADFE-23F8-4318-89AC-FC4CAFE1DE26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51ECF16B-6EE0-4EA8-AC7F-22C75B6DFBC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{54540D2B-096C-4ED5-AFD2-18B578959771}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{567C8DDF-70EA-40F5-BD7A-84B75842B972}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BAA02A6-6BFD-4EE0-9DEE-8751F2BDE116}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{5E9FA6D3-353A-4F4C-81FD-CC12D98CE7A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{621AE01B-4545-46A7-87C8-F5FBD62AE641}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B3050AF-8641-431A-ACB4-87FDAFEF9B92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6EAB14C5-77E4-4F3F-A885-BCAB654AF636}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{75EE25CB-737F-47B0-80EB-56D390FCD09A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7694C1A4-FFB8-4785-95A4-C1545729BEAD}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{8A1AF8A2-DC9F-47E6-96B6-04E15F50E008}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B03CE80-6710-4A84-BF7B-4C9D383A03F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8C393BB6-997F-4495-A4C5-024DB6468C58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{8DFC2F3C-E849-4F0E-A18A-53B000F0C2BA}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{8FBA55C2-470A-442B-804E-776120F7D284}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{907FB26A-E294-4608-A77B-2168AAA26908}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AD908F38-D9F8-4614-A601-E6B57BBC9D52}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B4872276-0261-49CF-A459-9661789738C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B54F4DED-4416-4664-91E9-013C0079B421}" = protocol=58 | dir=out | [email protected],-28546 |
"{B9BF1202-CD13-4A5E-972F-BC8F87850FE4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BC426F21-388E-4D0D-A5A2-7D1D16FF9A44}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BD6540BE-9EC2-426A-AFAA-BE9B5F546AB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE54497F-6D9E-4353-A34A-6A7278C1CE84}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C18A17EE-285C-49FF-8D7C-930C8217D6D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6959945-6D43-43E9-93EC-EF4F1FBBDE36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC23F018-8136-4AE5-8E1E-2FE41178B9EC}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{CCD94438-5EFC-4F63-B3E0-28C3BB5377A7}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{CD6C5D00-AA69-4085-BA40-7E2C23027783}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEB93066-1593-4085-9403-C5CDF238182A}" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"{D4A1D67D-25E8-46F9-9894-12A291033F92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{D4B17A45-CE81-4C1C-B056-15D4BD51FD94}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DA19F095-2596-4265-9EF7-591CA8E02DA2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DDFF5AD2-6975-4349-BD1F-922F85FFE3A4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E0ECF169-A50F-4437-90CF-796AAB4EA582}" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"{E583F2D2-2542-4D21-BBF3-F284FDAC3AAF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E9117D5E-5931-4129-BC79-8A45B52EC339}" = protocol=1 | dir=in | [email protected],-28543 |
"{E999C536-0AF7-4B36-92E4-D1EB17FBCA46}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EBA7FE6E-2108-4824-BF03-EB0C9DA0D6E2}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{F13970D3-3BE4-454A-8EDF-85F9D506C62F}" = protocol=6 | dir=out | app=system |
"{F3B3140C-2B18-411C-AF41-5E16108C8F8F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{F8ED52AD-EFEF-4B80-AB90-D922C450A3BD}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd9.exe |
"TCP Query User{19F0B524-675A-4A04-82C1-9F282D85B612}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{276068B7-57ED-45C3-AA40-EAB451D790DD}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{5C500BA0-8E35-4E68-B23B-753E597B5209}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{650BFC76-CECC-46A4-BD41-3125A6B0921C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A816ED4B-1765-42DE-B923-7873771FD5D3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CBA6B523-A25B-434E-A5C8-CDE504FB68CE}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{174B027B-0DA4-4CC4-8DFD-3ED12039FCE3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{189B2448-39AC-43C0-A08C-CBCB9349E09E}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{5A8431BC-ECD8-46E0-9FEF-CAD13C83092A}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{9CBD8A84-3C16-40BD-ACA3-8189A47C158A}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{D472FEDD-F1B3-407C-9618-191C3D54EDE4}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{FBB3707D-2D61-4901-9699-7CC9287B0D8E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1419A197-F6FB-4129-81B2-0113A3B6A09C}" = Microsoft Expression Encoder 2
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{26BEE28E-C285-4532-82D3-7CE3C5F805D4}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2C045D2C-667D-4494-9684-E4B071C2C7FF}" = TurboTax 2010 wohiper
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{3891E1C9-8E9E-43E2-B009-6D008BCD7669}" = Microsoft Expression Blend 2
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-0001-0409-0000-0060B0CE6BBA}" = AutoCAD 2000i
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{59ED24CA-25EC-4BB0-99C4-51ABF432BCC7}" = PS_SF_03_D5400_Software_Min
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CC1EE94-B426-478B-AE83-F83EBB4EF66A}" = HPPhotoSmartDiscLabel_PaperLabel
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DA93E66-5FA8-44ED-9CCA-40773444C10D}" = HP Deskjet 3050 J610 series Basic Device Software
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7ED180E1-ADE9-4C69-8845-BDF518D763B8}" = hpphotosmartdisclabelplugin
"{83A5A433-C6D9-40EA-AEFE-CF354DE2D669}" = PS_SF_03_D5400_Software
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCC09E9C-3340-473D-A4FE-8580992CA77A}" = HPPhotoSmartDiscLabelContent1
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C069720D-D6D5-4B02-9CCD-7C2FDA07EAC1}" = Microsoft Expression Studio 2
"{C3498122-091E-4999-9EBE-7513FE904F6A}" = Microsoft Expression Design 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E1497C00-2605-433E-822E-3E82649CE056}" = HP Deskjet 3050 J610 series Product Improvement Study
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF94793F-F6C3-4986-AF6F-2AFC1BBDB84C}" = HP Photosmart D5400 Printer Driver Software 11.0 Rel .3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3862C8A-B25F-4DB2-AF00-B634FAAF867C}" = DWGgateway
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"8461-7759-5462-8226" = Vuze
"Agere Systems Soft Modem" = Agere Systems USB 2.0 Soft Modem
"AnswerWorks" = AnswerWorks Runtime
"Blend_2.0.1523.0" = Microsoft Expression Blend 2
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1159
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Design_5.0.1379.0" = Microsoft Expression Design 2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"Encoder_2.0.1406.0" = Microsoft Expression Encoder 2
"ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Premium Visio" = Microsoft Premium Visio 2010
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"XWeb" = Microsoft Expression Web 2
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2011 3:02:07 AM | Computer Name = Office | Source = MsiInstaller | ID = 11606
Description =

Error - 8/27/2011 3:02:08 AM | Computer Name = Office | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
Upgrade. Security Essentials is not currently monitoring and helping to protect
your computer. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 8/28/2011 3:00:53 AM | Computer Name = Office | Source = MsiInstaller | ID = 11606
Description =

Error - 8/28/2011 3:00:53 AM | Computer Name = Office | Source = MsiInstaller | ID = 11606
Description =

Error - 8/28/2011 3:02:01 AM | Computer Name = Office | Source = MsiInstaller | ID = 11606
Description =

Error - 8/28/2011 3:02:01 AM | Computer Name = Office | Source = MsiInstaller | ID = 11606
Description =

Error - 8/28/2011 3:02:30 AM | Computer Name = Office | Source = MsiInstaller | ID = 11606
Description =

Error - 8/28/2011 3:02:30 AM | Computer Name = Office | Source = MsiInstaller | ID = 11606
Description =

Error - 8/28/2011 3:02:30 AM | Computer Name = Office | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
Upgrade. Security Essentials is not currently monitoring and helping to protect
your computer. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 8/29/2011 3:00:45 AM | Computer Name = Office | Source = MsiInstaller | ID = 11606
Description =

[ Media Center Events ]
Error - 6/25/2009 11:40:30 PM | Computer Name = Office | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/6/2009 7:35:24 PM | Computer Name = Office | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/24/2009 5:29:26 PM | Computer Name = Office | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/2/2009 11:14:23 PM | Computer Name = Office | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 10/5/2009 7:59:33 PM | Computer Name = Office | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/12/2009 1:56:39 AM | Computer Name = Office | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/19/2009 7:30:30 PM | Computer Name = Office | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/29/2009 10:26:24 PM | Computer Name = Office | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 12/18/2009 6:37:32 AM | Computer Name = Office | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 12/18/2009 11:02:58 AM | Computer Name = Office | Source = Media Center Guide | ID = 34
Description = Event Info: Discovery Service: Unexpected error. The Guide listings
service is not currently available. Please try again later. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

[ System Events ]
Error - 9/1/2011 10:22:05 PM | Computer Name = Office | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): ?9/?2/?2011 2:22:05 AM Error Code: 0x80092003 Error Description: An error
occurred while reading or writing to a file.

Error - 9/1/2011 10:22:12 PM | Computer Name = Office | Source = DCOM | ID = 10005
Description =

Error - 9/1/2011 10:22:19 PM | Computer Name = Office | Source = DCOM | ID = 10005
Description =

Error - 9/1/2011 10:22:22 PM | Computer Name = Office | Source = DCOM | ID = 10005
Description =

Error - 9/1/2011 10:22:28 PM | Computer Name = Office | Source = DCOM | ID = 10005
Description =

Error - 9/1/2011 10:22:39 PM | Computer Name = Office | Source = DCOM | ID = 10005
Description =

Error - 9/1/2011 10:23:01 PM | Computer Name = Office | Source = Service Control Manager | ID = 7001
Description =

Error - 9/1/2011 10:23:01 PM | Computer Name = Office | Source = Service Control Manager | ID = 7026
Description =

Error - 9/1/2011 10:23:01 PM | Computer Name = Office | Source = Service Control Manager | ID = 7023
Description =

Error - 9/1/2011 10:24:06 PM | Computer Name = Office | Source = Service Control Manager | ID = 7001
Description =


< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello joeveli and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed
Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    DRV - [2009/04/11 00:45:37 | 000,185,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
    O4 - HKLM..\RunOnce: [*advauthcfg.exe] C:\Windows\advauthcfg.exe (My© Systems)
    [2011/09/01 22:22:24 | 000,094,208 | ---- | C] (My© Systems) -- C:\Windows\advauthcfg.exe
    [2011/09/01 22:11:45 | 004,194,304 | ---- | M] () -- C:\Windows\System32\qnbwvoto.dll
    [2011/08/30 07:20:47 | 000,000,120 | ---- | M] () -- C:\Users\Joey\AppData\Local\Gbojohuni.dat
    [2011/08/30 01:11:25 | 000,000,000 | ---- | M] () -- C:\Users\Joey\AppData\Local\Pmowadoqevo.bin

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#3
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL log...

========== PROCESSES ==========
All processes killed
========== OTL ==========
Service netbt stopped successfully!
Service netbt deleted successfully!
C:\Windows\System32\drivers\netbt.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*advauthcfg.exe not found.
Invalid CLSID key: *advauthcfg.exe
File C:\Windows\advauthcfg.exe not found.
File C:\Windows\advauthcfg.exe not found.
C:\Windows\System32\qnbwvoto.dll moved successfully.
C:\Users\Joey\AppData\Local\Gbojohuni.dat moved successfully.
C:\Users\Joey\AppData\Local\Pmowadoqevo.bin moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Joey\Downloads\cmd.bat deleted successfully.
C:\Users\Joey\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.27.0 log created on 09022011_180413
  • 0

#4
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Combofix log...

ComboFix 11-09-02.04 - Joey 09/02/2011 18:16:02.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1401 [GMT -4:00]
Running from: c:\users\Joey\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\defender.exe
c:\users\Joey\AppData\Local\{B56F951B-30F9-49D5-BB06-FD1EF8026474}
c:\users\Joey\AppData\Local\{B56F951B-30F9-49D5-BB06-FD1EF8026474}\chrome.manifest
c:\users\Joey\AppData\Local\{B56F951B-30F9-49D5-BB06-FD1EF8026474}\chrome\content\_cfg.js
c:\users\Joey\AppData\Local\{B56F951B-30F9-49D5-BB06-FD1EF8026474}\chrome\content\overlay.xul
c:\users\Joey\AppData\Local\{B56F951B-30F9-49D5-BB06-FD1EF8026474}\install.rdf
c:\users\Joey\AppData\Roaming\Adobe\plugs
c:\users\Joey\AppData\Roaming\Adobe\shed
c:\users\Joey\AppData\Roaming\C83171C5602057EA06DCB262ED0230A3
c:\users\Joey\AppData\Roaming\C83171C5602057EA06DCB262ED0230A3\enemies-names.txt
c:\users\Joey\AppData\Roaming\C83171C5602057EA06DCB262ED0230A3\local.ini
c:\users\Joey\AppData\Roaming\C83171C5602057EA06DCB262ED0230A3\lsrslt.ini
c:\users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Zentom System Guard.lnk
c:\users\Joey\AppData\Roaming\Remote\owlctx
c:\users\Joey\AppData\Roaming\Remote\srjmh47.dll
c:\users\Public\Desktop\Security Protection.lnk
c:\windows\system32\comct332.ocx
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-02 to 2011-09-02 )))))))))))))))))))))))))))))))
.
.
2011-09-02 22:23 . 2011-09-02 22:23 94208 ----a-w- c:\users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\certcachecsc.exe
2011-09-02 22:23 . 2011-09-02 22:23 -------- d-----w- c:\users\Joey\AppData\Local\temp
2011-09-02 22:04 . 2011-09-02 22:04 -------- d-----w- C:\_OTL
2011-09-01 04:13 . 2011-09-01 04:13 22016 ----a-w- c:\program files\Internet Explorer\ExtExport.exe
2011-09-01 04:06 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0FA63B3-D05C-4096-8548-0CAD7AC052F0}\mpengine.dll
2011-08-31 23:07 . 2011-09-02 22:22 -------- d-----w- c:\users\Joey\AppData\Roaming\Remote
2011-08-31 23:06 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 23:06 . 2011-08-31 23:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-31 23:06 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 05:32 . 2011-08-30 05:32 -------- d-----w- c:\programdata\WindowsSearch
2011-08-23 23:41 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-14 23:41 . 2011-08-14 23:41 -------- d-----w- c:\program files\Microsoft Premium Visio
2011-08-10 06:43 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 06:43 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 06:43 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 06:41 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 06:41 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 06:41 . 2011-06-17 20:13 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 06:41 . 2011-06-17 13:31 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 23:16 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A689CC79-A2B3-4A4A-9B4B-3C72B1B53328}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2010-10-29 01:23 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
"OTL"="c:\users\Joey\Downloads\OTL.exe" [2011-09-02 581120]
"*certcachecsc.exe"="c:\users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\certcachecsc.exe" [2011-09-02 94208]
.
c:\users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
certcachecsc.exe [2011-9-2 94208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-04-02 07:11 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-05-24 20:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 01:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-08-05 15:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 05:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl2cb64f5d;MpKsl2cb64f5d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66007E98-973D-4CF7-AA8A-B9E98EE812F2}\MpKsl2cb64f5d.sys [x]
R1 MpKsl617fbb92;MpKsl617fbb92;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66007E98-973D-4CF7-AA8A-B9E98EE812F2}\MpKsl617fbb92.sys [x]
R1 MpKsl702cf751;MpKsl702cf751;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60A01233-122F-4AEC-881E-51AC1AF91F5B}\MpKsl702cf751.sys [x]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/05 19:12];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 14:11 87536]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c98b3440c803a0;Google Update Service (gupdate1c98b3440c803a0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\DRIVERS\xcbda.sys [2007-09-07 156928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-09-01 04:14 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 05:38]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 04:01]
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 04:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-lpc - c:\users\Joey\AppData\Roaming\Remote\srjmh47.dll
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Google Update - c:\users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-02 18:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST340082 rev.3.CH -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x851194D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8511f7d0]; MOV EAX, [0x8511f84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E83912] -> \Device\Harddisk0\DR0[0x850C9030]
3 CLASSPNP[0x879A88B3] -> ntkrnlpa!IofCallDriver[0x81E83912] -> [0x8419AA60]
5 acpi[0x824156BC] -> ntkrnlpa!IofCallDriver[0x81E83912] -> [0x83D76408]
\Driver\nvstor32[0x850CB030] -> IRP_MJ_CREATE -> 0x851194D0
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
detected disk devices:
\Device\00000055 -> \??\SCSI#Disk&Ven_ST340082&Prod_0AS#4&1904635f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.netbt]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
Completion time: 2011-09-02 18:27:49
ComboFix-quarantined-files.txt 2011-09-02 22:27
.
Pre-Run: 142,352,826,368 bytes free
Post-Run: 143,108,341,760 bytes free
.
- - End Of File - - DE25948B91447CECC04F31DA88F26A71
  • 0

#5
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I am still having some problems with my computer after posting the logs as instructed. The task manager will not start and I am now unable to access any folders in my personal folder or access the "Computer" icon to browse for files.

I followed the instructions form your last post but ran everything while in safe mode. Could that have made a difference in the results?

THanks for your help.
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi joeveli,

Looks like you are still infected. Let's see what we have here...

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#7
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Again... thanks for your help. TDS log below...

2011/09/03 01:38:31.0606 0912 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/03 01:38:31.0622 0912 ================================================================================
2011/09/03 01:38:31.0622 0912 SystemInfo:
2011/09/03 01:38:31.0622 0912
2011/09/03 01:38:31.0622 0912 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/03 01:38:31.0622 0912 Product type: Workstation
2011/09/03 01:38:31.0622 0912 ComputerName: OFFICE
2011/09/03 01:38:31.0622 0912 UserName: Joey
2011/09/03 01:38:31.0622 0912 Windows directory: C:\Windows
2011/09/03 01:38:31.0622 0912 System windows directory: C:\Windows
2011/09/03 01:38:31.0622 0912 Processor architecture: Intel x86
2011/09/03 01:38:31.0622 0912 Number of processors: 2
2011/09/03 01:38:31.0622 0912 Page size: 0x1000
2011/09/03 01:38:31.0622 0912 Boot type: Safe boot
2011/09/03 01:38:31.0622 0912 ================================================================================
2011/09/03 01:38:32.0355 0912 Initialize success
2011/09/03 01:38:42.0729 1288 ================================================================================
2011/09/03 01:38:42.0729 1288 Scan started
2011/09/03 01:38:42.0729 1288 Mode: Manual;
2011/09/03 01:38:42.0729 1288 ================================================================================
2011/09/03 01:38:43.0431 1288 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/03 01:38:43.0509 1288 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/09/03 01:38:43.0540 1288 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/09/03 01:38:43.0587 1288 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/09/03 01:38:43.0618 1288 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/09/03 01:38:43.0712 1288 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/03 01:38:43.0790 1288 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/09/03 01:38:43.0884 1288 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/09/03 01:38:43.0915 1288 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/03 01:38:43.0946 1288 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/09/03 01:38:43.0977 1288 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/09/03 01:38:44.0024 1288 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/09/03 01:38:44.0071 1288 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/09/03 01:38:44.0118 1288 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/03 01:38:44.0242 1288 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/09/03 01:38:44.0305 1288 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/09/03 01:38:44.0352 1288 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/03 01:38:44.0383 1288 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/09/03 01:38:44.0492 1288 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/03 01:38:44.0601 1288 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/03 01:38:44.0648 1288 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/03 01:38:44.0664 1288 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/03 01:38:44.0726 1288 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/03 01:38:44.0757 1288 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/03 01:38:44.0788 1288 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/03 01:38:44.0820 1288 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/03 01:38:44.0898 1288 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/03 01:38:44.0960 1288 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
2011/09/03 01:38:45.0132 1288 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/03 01:38:45.0194 1288 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/03 01:38:45.0241 1288 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/03 01:38:45.0288 1288 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/03 01:38:45.0350 1288 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/09/03 01:38:45.0397 1288 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/09/03 01:38:45.0428 1288 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/09/03 01:38:45.0459 1288 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/09/03 01:38:45.0537 1288 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/03 01:38:45.0631 1288 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/03 01:38:45.0709 1288 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/09/03 01:38:45.0740 1288 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/09/03 01:38:45.0771 1288 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/09/03 01:38:45.0802 1288 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/03 01:38:45.0880 1288 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/03 01:38:45.0943 1288 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/03 01:38:46.0099 1288 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/03 01:38:46.0192 1288 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/09/03 01:38:46.0333 1288 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/03 01:38:46.0380 1288 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/03 01:38:46.0442 1288 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/03 01:38:46.0504 1288 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/03 01:38:46.0536 1288 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/03 01:38:46.0567 1288 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/03 01:38:46.0629 1288 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/03 01:38:46.0707 1288 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/03 01:38:46.0754 1288 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/03 01:38:46.0785 1288 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/09/03 01:38:46.0832 1288 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
2011/09/03 01:38:46.0910 1288 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/09/03 01:38:46.0957 1288 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/03 01:38:47.0004 1288 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/03 01:38:47.0019 1288 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/03 01:38:47.0066 1288 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/09/03 01:38:47.0113 1288 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/09/03 01:38:47.0191 1288 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/03 01:38:47.0222 1288 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/09/03 01:38:47.0284 1288 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/03 01:38:47.0316 1288 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/09/03 01:38:47.0362 1288 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/03 01:38:47.0472 1288 IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys
2011/09/03 01:38:47.0550 1288 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/09/03 01:38:47.0581 1288 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/03 01:38:47.0643 1288 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/03 01:38:47.0706 1288 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/03 01:38:47.0737 1288 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/03 01:38:47.0784 1288 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/03 01:38:47.0830 1288 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/09/03 01:38:47.0877 1288 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/03 01:38:47.0908 1288 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/03 01:38:47.0940 1288 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/03 01:38:47.0971 1288 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/03 01:38:48.0002 1288 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/03 01:38:48.0049 1288 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/03 01:38:48.0127 1288 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/03 01:38:48.0174 1288 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/03 01:38:48.0220 1288 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/03 01:38:48.0252 1288 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/03 01:38:48.0283 1288 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/03 01:38:48.0345 1288 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/09/03 01:38:48.0392 1288 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/09/03 01:38:48.0439 1288 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/03 01:38:48.0470 1288 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/03 01:38:48.0517 1288 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/03 01:38:48.0548 1288 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/03 01:38:48.0579 1288 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/03 01:38:48.0626 1288 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/09/03 01:38:48.0673 1288 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/09/03 01:38:48.0829 1288 MpKslac4e3bc7 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40123135-57DE-47C6-BAC1-69FFC66D95BC}\MpKslac4e3bc7.sys
2011/09/03 01:38:48.0891 1288 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/09/03 01:38:48.0922 1288 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/03 01:38:48.0969 1288 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/03 01:38:49.0032 1288 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/03 01:38:49.0094 1288 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/03 01:38:49.0141 1288 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/03 01:38:49.0172 1288 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/03 01:38:49.0203 1288 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/09/03 01:38:49.0234 1288 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/09/03 01:38:49.0297 1288 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/03 01:38:49.0328 1288 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/03 01:38:49.0375 1288 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/03 01:38:49.0406 1288 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/03 01:38:49.0422 1288 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/03 01:38:49.0453 1288 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/03 01:38:49.0515 1288 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/03 01:38:49.0546 1288 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/03 01:38:49.0578 1288 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/03 01:38:49.0640 1288 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/03 01:38:49.0718 1288 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/03 01:38:49.0749 1288 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/03 01:38:49.0780 1288 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/03 01:38:49.0843 1288 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/03 01:38:49.0874 1288 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/03 01:38:49.0921 1288 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/03 01:38:49.0983 1288 netr73 (987549e56f122ae7a70a4717c1572b5b) C:\Windows\system32\DRIVERS\netr73.sys
2011/09/03 01:38:50.0030 1288 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/03 01:38:50.0077 1288 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/09/03 01:38:50.0155 1288 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/03 01:38:50.0202 1288 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/03 01:38:50.0295 1288 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/03 01:38:50.0373 1288 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/03 01:38:50.0404 1288 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/03 01:38:50.0467 1288 NVENETFD (74c825c573aa6e115590d94e7bf86901) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/09/03 01:38:50.0670 1288 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/03 01:38:50.0857 1288 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/09/03 01:38:50.0888 1288 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/09/03 01:38:50.0919 1288 nvstor32 (63b7838e9c272baaa7b33a0ca4ebb748) C:\Windows\system32\drivers\nvstor32.sys
2011/09/03 01:38:50.0997 1288 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/09/03 01:38:51.0091 1288 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/03 01:38:51.0153 1288 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/03 01:38:51.0216 1288 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/03 01:38:51.0247 1288 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/03 01:38:51.0309 1288 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/03 01:38:51.0340 1288 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/09/03 01:38:51.0372 1288 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/09/03 01:38:51.0434 1288 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/03 01:38:51.0559 1288 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/03 01:38:51.0590 1288 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/09/03 01:38:51.0652 1288 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/09/03 01:38:51.0699 1288 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/03 01:38:51.0746 1288 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/09/03 01:38:51.0808 1288 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/09/03 01:38:51.0871 1288 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/03 01:38:51.0902 1288 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/03 01:38:51.0933 1288 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/03 01:38:51.0964 1288 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/03 01:38:52.0042 1288 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/03 01:38:52.0089 1288 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/03 01:38:52.0167 1288 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/03 01:38:52.0198 1288 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/03 01:38:52.0230 1288 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/09/03 01:38:52.0261 1288 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/03 01:38:52.0323 1288 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/03 01:38:52.0386 1288 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/03 01:38:52.0432 1288 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/03 01:38:52.0495 1288 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/03 01:38:52.0526 1288 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/03 01:38:52.0573 1288 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/03 01:38:52.0620 1288 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/03 01:38:52.0666 1288 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/09/03 01:38:52.0698 1288 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/03 01:38:52.0713 1288 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/03 01:38:52.0744 1288 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/03 01:38:52.0776 1288 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/09/03 01:38:52.0822 1288 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/09/03 01:38:52.0854 1288 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/09/03 01:38:52.0916 1288 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/03 01:38:52.0978 1288 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/03 01:38:53.0056 1288 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/03 01:38:53.0119 1288 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/03 01:38:53.0134 1288 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/03 01:38:53.0181 1288 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/09/03 01:38:53.0259 1288 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/03 01:38:53.0306 1288 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/03 01:38:53.0337 1288 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/03 01:38:53.0368 1288 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/03 01:38:53.0462 1288 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys
2011/09/03 01:38:53.0509 1288 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/03 01:38:53.0571 1288 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/03 01:38:53.0618 1288 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/03 01:38:53.0649 1288 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/03 01:38:53.0712 1288 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/03 01:38:53.0743 1288 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/03 01:38:53.0821 1288 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/03 01:38:53.0852 1288 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/03 01:38:53.0899 1288 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/03 01:38:53.0946 1288 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/09/03 01:38:53.0992 1288 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/03 01:38:54.0039 1288 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/03 01:38:54.0070 1288 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/09/03 01:38:54.0117 1288 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/03 01:38:54.0133 1288 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/03 01:38:54.0180 1288 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/03 01:38:54.0211 1288 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/03 01:38:54.0258 1288 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/03 01:38:54.0289 1288 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
2011/09/03 01:38:54.0336 1288 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/03 01:38:54.0382 1288 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/03 01:38:54.0460 1288 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/03 01:38:54.0476 1288 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/03 01:38:54.0538 1288 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/03 01:38:54.0585 1288 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/03 01:38:54.0616 1288 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/03 01:38:54.0648 1288 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/03 01:38:54.0679 1288 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/03 01:38:54.0710 1288 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/09/03 01:38:54.0741 1288 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/09/03 01:38:54.0757 1288 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/09/03 01:38:54.0804 1288 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/03 01:38:54.0850 1288 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/03 01:38:54.0913 1288 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/03 01:38:55.0006 1288 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/09/03 01:38:55.0053 1288 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/03 01:38:55.0084 1288 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/03 01:38:55.0084 1288 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/03 01:38:55.0131 1288 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/09/03 01:38:55.0178 1288 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/03 01:38:55.0287 1288 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/03 01:38:55.0381 1288 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/03 01:38:55.0428 1288 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/03 01:38:55.0459 1288 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/09/03 01:38:55.0521 1288 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/03 01:38:55.0552 1288 xcbdaNtsc (da57c74aaeabd6f97f404151069be42e) C:\Windows\system32\DRIVERS\xcbda.sys
2011/09/03 01:38:55.0693 1288 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
2011/09/03 01:38:55.0724 1288 MBR (0x1B8) (13af81ffe36981a6a5910f5f7a43b4f8) \Device\Harddisk0\DR0
2011/09/03 01:38:55.0740 1288 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/03 01:38:55.0755 1288 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk5\DR5
2011/09/03 01:38:55.0771 1288 Boot (0x1200) (651c9ba9e1e8b107afc2e76ce5dcb3e1) \Device\Harddisk0\DR0\Partition0
2011/09/03 01:38:55.0818 1288 Boot (0x1200) (e6dea129c97b56573550eb7b801725f9) \Device\Harddisk0\DR0\Partition1
2011/09/03 01:38:55.0833 1288 Boot (0x1200) (07631d65c70917f989bdef8bfa95cf0b) \Device\Harddisk5\DR5\Partition0
2011/09/03 01:38:55.0849 1288 ================================================================================
2011/09/03 01:38:55.0849 1288 Scan finished
2011/09/03 01:38:55.0849 1288 ================================================================================
2011/09/03 01:38:55.0864 1264 Detected object count: 1
2011/09/03 01:38:55.0864 1264 Actual detected object count: 1
2011/09/03 01:39:15.0708 1264 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/03 01:39:15.0708 1264 \Device\Harddisk0\DR0 - ok
2011/09/03 01:39:15.0708 1264 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/03 01:39:47.0781 1136 Deinitialize success
  • 0

#8
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
aswMBR log below...


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-03 01:42:59
-----------------------------
01:42:59.618 OS Version: Windows 6.0.6002 Service Pack 2
01:42:59.618 Number of processors: 2 586 0x6B01
01:42:59.618 ComputerName: OFFICE UserName: Joey
01:43:11.489 Initialize success
01:43:47.993 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
01:43:47.993 Disk 0 Vendor: ST340082 3.CH Size: 381554MB BusType: 6
01:43:50.021 Disk 0 MBR read successfully
01:43:50.021 Disk 0 MBR scan
01:43:50.021 Disk 0 unknown MBR code
01:43:50.021 Disk 0 scanning sectors +781416720
01:43:50.068 Disk 0 scanning C:\Windows\system32\drivers
01:43:57.556 Service scanning
01:43:58.383 Service .netbt \* **LOCKED** 123
01:43:58.726 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
01:43:59.584 Modules scanning
01:44:02.189 Disk 0 trace - called modules:
01:44:02.205 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
01:44:02.205 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ccfac8]
01:44:02.205 3 CLASSPNP.SYS[879a78b3] -> nt!IofCallDriver -> [0x84735a60]
01:44:02.220 5 acpi.sys[8720d6bc] -> nt!IofCallDriver -> \Device\00000055[0x84776b88]
01:44:02.220 Scan finished successfully
01:44:25.683 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
01:44:25.792 The log file has been saved successfully to "J:\aswMBR.txt"
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice. TDSSKiller removed main infection. How is your system now? Problems?
  • 0

#10
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
My system is working a lot better now. I have one remaining problem though. I still cannot use my task manager. It starts up but is quickly shutdown within 2 seconds. I have never had this problem until I was infected.

Anymore suggestions?

Edited by joeveli, 03 September 2011 - 06:59 PM.

  • 0

Advertisements


#11
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I would alse like to note that Microsoft Security Essentials deteced a threat on my next startup. It detected the FakeYak infection again. I did not let Security Essentials take any action though.
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi joeveli,

There is still something hiding from us.

Can you tell me location of the infection MSE has found. It should be on History tab when you open MSE interface.

Step 1

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the "Scan All User" checkbox
  • Change "Extra Registry" option to "SafeList"
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this files, and post it with your next reply.
Step 3

Please don't forget to include these items in your reply:

  • AVPTool log
  • OTL.txt log
  • OTL Extras log
It would be helpful if you could post each log in separate post
  • 0

#13
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
This is what I found under the History tab of MSE...

file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\scanautocab.exe

Problem here is that MSE automatically tried to remove the virus. I hope this doesn't cause any problems as you mention above not to run any scans outside of what is being instructed.

Logs as instructed to follow.

Edited by joeveli, 05 September 2011 - 04:31 PM.

  • 0

#14
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Wow the AVP took a long time to run!!!

Log below...

Status: Deleted (events: 5)
9/5/2011 7:28:35 PM Deleted Trojan program Trojan.Win32.Monder.mqty C:\Documents and Settings\Joey\Desktop\RK_Quarantine\srjmh47.dll.vir High
9/5/2011 11:52:47 PM Deleted Trojan program Trojan.Win32.Monder.mqty C:\Qoobox\Quarantine\C\Users\Joey\AppData\Roaming\Remote\srjmh47.dll.vir High
9/5/2011 11:52:50 PM Deleted Trojan program Trojan-Downloader.JS.Agent.ggy C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRUDKKH3\index[1].htm High
9/6/2011 7:41:38 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys High
9/6/2011 7:41:38 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\_OTL\MovedFiles\09022011_180413\C_Windows\System32\drivers\netbt.sys High
Status: Disinfected (events: 2)
9/5/2011 11:55:01 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ch C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1eb29aec-6d205a8c/buildService/MailAgent.class High
9/5/2011 11:55:01 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ch C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1eb29aec-6d205a8c High
  • 0

#15
joeveli

joeveli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL.txt

OTL logfile created on: 9/6/2011 6:38:48 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Joey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 57.23% Memory free
3.99 Gb Paging File | 2.65 Gb Available in Paging File | 66.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.75 Gb Total Space | 131.13 Gb Free Space | 36.05% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.21 Gb Free Space | 13.61% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Joey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 18:44:14 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/04/15 23:23:48 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 07:41:38 | 000,001,296 | -HS- | M] () [File_System | Unknown | Running] -- C:\Windows\3193965drv.spi -- (3193965drv)
DRV - [2011/09/06 00:59:58 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\87301693.sys -- (87301693)
DRV - [2011/09/06 00:59:58 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\43523117.sys -- (43523117)
DRV - [2011/09/05 18:52:40 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9909A06-AD54-463B-AD77-4A7BBD78D372}\MpKsl531a4405.sys -- (MpKsl531a4405)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/06/30 04:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/04/02 10:11:16 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/05 19:12:20] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/26 11:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/07 06:36:08 | 000,156,928 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xcbda.sys -- (xcbdaNtsc) ViXS Tuner Card (NTSC)
DRV - [2007/05/03 14:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/04/20 13:21:18 | 000,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/28 11:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Joey\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/05 20:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/24 22:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 22:16:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/05 20:38:53 | 000,000,000 | ---D | M]

[2008/06/20 16:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions
[2010/12/27 22:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions
[2009/08/07 17:46:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/03 22:35:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/03 23:12:58 | 000,000,000 | ---D | M] ("AIM Toolbar") -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/01/14 22:38:28 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\[email protected]
[2010/03/14 17:18:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\extensions\[email protected]
[2009/04/03 23:13:04 | 000,001,739 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\89owoi6f.default\searchplugins\aim-search.xml
[2010/12/27 22:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/04 22:58:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/28 18:59:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_43523117.lnk = C:\Users\Joey\AppData\Local\temp\_uninst_43523117.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3073320548-3696611991-3719670124-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12042BB1-7D46-4DFE-8ECB-8823F1CE7141}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8035D4B1-BA80-4384-A74A-C87B5FED013D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/15 19:59:40 | 000,000,121 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 18:53:06 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\87301693.sys
[2011/09/05 18:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/09/05 18:45:01 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\43523117.sys
[2011/09/05 18:44:11 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
[2011/09/03 01:38:04 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\tdsskiller
[2011/09/03 01:37:56 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Joey\Desktop\aswMBR.exe
[2011/09/02 18:27:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/02 18:27:52 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\temp
[2011/09/02 18:23:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/02 18:12:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/02 18:12:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/02 18:12:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/02 18:12:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/02 18:10:42 | 004,194,078 | R--- | C] (Swearware) -- C:\Users\Joey\Desktop\ComboFix.exe
[2011/09/02 18:04:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/01 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\RK_Quarantine
[2011/09/01 00:14:09 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/09/01 00:14:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/09/01 00:14:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/09/01 00:14:08 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/09/01 00:14:08 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/09/01 00:14:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/09/01 00:14:08 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/09/01 00:14:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/09/01 00:14:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/09/01 00:14:06 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/01 00:14:06 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/09/01 00:14:06 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/09/01 00:14:05 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/09/01 00:14:05 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/09/01 00:14:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/09/01 00:14:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/09/01 00:14:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/01 00:14:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/09/01 00:14:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/09/01 00:14:04 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/09/01 00:14:04 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/09/01 00:14:03 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/09/01 00:14:03 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/09/01 00:14:03 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/09/01 00:14:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/09/01 00:14:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/01 00:14:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/09/01 00:14:01 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/09/01 00:14:01 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/09/01 00:14:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/09/01 00:14:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/09/01 00:14:01 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/09/01 00:14:00 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/09/01 00:14:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/09/01 00:14:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/09/01 00:14:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/09/01 00:14:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/31 19:07:27 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Remote
[2011/08/31 19:06:15 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/31 19:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 19:06:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/31 19:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/30 01:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/08/23 19:41:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 20:42:29 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\File Me Singles
[2011/08/14 19:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Premium Visio
[2011/08/14 19:41:34 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Premium Visio
[2011/08/14 19:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Premium Visio
[2011/08/10 02:43:36 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 02:41:42 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 02:41:42 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/06 18:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/06 16:52:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 16:52:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 11:36:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/06 07:41:38 | 000,001,296 | -HS- | M] () -- C:\Windows\3193965drv.spi
[2011/09/06 00:59:58 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\87301693.sys
[2011/09/06 00:59:58 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\43523117.sys
[2011/09/05 23:25:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/05 18:57:59 | 000,609,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/05 18:57:59 | 000,105,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/05 18:51:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/05 18:46:29 | 000,000,842 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_43523117.lnk
[2011/09/05 18:44:14 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
[2011/09/05 18:43:06 | 105,573,704 | ---- | M] () -- C:\Users\Joey\Desktop\setup_11.0.0.1245.x01_2011_09_06_01_00.exe
[2011/09/03 01:34:52 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Joey\Desktop\aswMBR.exe
[2011/09/02 20:19:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/02 18:07:02 | 004,194,078 | R--- | M] (Swearware) -- C:\Users\Joey\Desktop\ComboFix.exe
[2011/09/01 21:45:34 | 000,001,356 | ---- | M] () -- C:\Users\Joey\AppData\Local\d3d9caps.dat
[2011/09/01 21:03:37 | 000,000,905 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/01 00:14:33 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/09/01 00:14:33 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/09/01 00:14:09 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/09/01 00:14:09 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/09/01 00:14:08 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/09/01 00:14:08 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/09/01 00:14:08 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/09/01 00:14:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/09/01 00:14:08 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/09/01 00:14:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/09/01 00:14:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/09/01 00:14:06 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/09/01 00:14:06 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/01 00:14:06 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/09/01 00:14:06 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/09/01 00:14:05 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/09/01 00:14:05 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/09/01 00:14:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/09/01 00:14:05 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/01 00:14:05 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/09/01 00:14:05 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/09/01 00:14:04 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/09/01 00:14:04 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/09/01 00:14:04 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/09/01 00:14:03 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/09/01 00:14:03 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/09/01 00:14:03 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/09/01 00:14:02 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/09/01 00:14:02 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/01 00:14:02 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/09/01 00:14:01 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/09/01 00:14:01 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/09/01 00:14:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/09/01 00:14:01 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/09/01 00:14:01 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/09/01 00:14:00 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/09/01 00:14:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/09/01 00:14:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/09/01 00:14:00 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/09/01 00:14:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/31 19:06:15 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 18:56:41 | 254,091,255 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/28 22:01:21 | 000,508,324 | ---- | M] () -- C:\Users\Joey\Documents\2010 W2 Matt Cherry.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 19:28:34 | 000,001,296 | -HS- | C] () -- C:\Windows\3193965drv.spi
[2011/09/05 18:46:29 | 000,000,842 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_43523117.lnk
[2011/09/05 18:23:26 | 105,573,704 | ---- | C] () -- C:\Users\Joey\Desktop\setup_11.0.0.1245.x01_2011_09_06_01_00.exe
[2011/09/02 20:18:43 | 000,001,726 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/02 18:12:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/02 18:12:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/02 18:12:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/02 18:12:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/02 18:12:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/01 00:14:05 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/31 19:06:15 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/28 22:01:20 | 000,508,324 | ---- | C] () -- C:\Users\Joey\Documents\2010 W2 Matt Cherry.pdf
[2011/03/21 21:08:34 | 000,166,693 | ---- | C] () -- C:\Windows\hphins28.dat
[2010/08/05 20:38:40 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/05 20:31:20 | 000,077,375 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/07/31 19:12:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/31 19:12:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/15 23:23:47 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2008/09/07 22:04:34 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/09/07 22:04:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/19 19:59:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/30 22:01:45 | 000,084,480 | ---- | C] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/18 00:57:44 | 000,001,611 | ---- | C] () -- C:\Windows\hphmdl28.dat
[2008/06/17 21:37:23 | 000,001,356 | ---- | C] () -- C:\Users\Joey\AppData\Local\d3d9caps.dat
[2008/06/08 20:45:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/22 16:51:03 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/22 16:38:39 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/22 16:36:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/22 16:36:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 08:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,478,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,268 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2000/06/12 01:37:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mtstack.exe

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP